[Moving this thread to tor-dev as suggested by Damian in separate mail.]
Hi Damian, hi Beck,
On 5/4/12 6:59 PM, Damian Johnson wrote:
> Hi Beck.
>
>> I noticed that stem has not been updated during the last ten days
>
> Yup, I've been busy for a while with a new arm release [1] and a
> variety
Hi Beck, hi Karsten.
First I'd like to make sure that I'm clear on what we're trying to do.
The javadocs for VerifyDescriptors [1] says that it...
> Verify server descriptors using the contained signing key. Verify that
> 1) a contained fingerprint is actually a hash of the signing key and
> 2)
Hi Karsten & Damian,
Extending stem to implement #2768 seems a good option to start with; I
looked at the Java code and felt doing it in stem should not be
complicated. However, I need some suggestions for the choice of Python
cryptography API, since I haven't used any before. A simple Goog
On 5/6/12 3:36 AM, Damian Johnson wrote:
> First I'd like to make sure that I'm clear on what we're trying to do.
> The javadocs for VerifyDescriptors [1] says that it...
>
>> Verify server descriptors using the contained signing key. Verify that
>> 1) a contained fingerprint is actually a hash o
On Mon, May 7, 2012 at 5:13 PM, Karsten Loesing wrote:
> On 5/6/12 3:36 AM, Damian Johnson wrote:
> > First I'd like to make sure that I'm clear on what we're trying to do.
> > The javadocs for VerifyDescriptors [1] says that it...
> >
> >> Verify server descriptors using the contained signing key
On 5/7/12 7:49 PM, Beck Chen wrote:
> On Mon, May 7, 2012 at 5:13 PM, Karsten Loesing wrote:
>
>> On 5/6/12 3:36 AM, Damian Johnson wrote:
>>> First I'd like to make sure that I'm clear on what we're trying to do.
>>> The javadocs for VerifyDescriptors [1] says that it...
>>>
Verify server de
I observed some inconsistency, if not errors, in the directory server specs
[1]:
1. Outline
Every authority has a very-secret, long-term "Authority Identity Key".
This is stored encrypted and/or offline, and is used to sign "key
certificate" documents. Every key certificate contains a me
On 5/8/12, Beck Chen wrote:
> According to the outline, the long-term identity key should be different
> from the
> signing key, which changes every 3-12 months. Then why should the signing
> key
> become the identity key in the descriptor format, and fingerprint become
> the hash
> of the identi
On 5/8/12 4:47 AM, Robert Ransom wrote:
> On 5/8/12, Beck Chen wrote:
>
>> According to the outline, the long-term identity key should be different
>> from the
>> signing key, which changes every 3-12 months. Then why should the signing
>> key
>> become the identity key in the descriptor format,
Hi Damian & Karsten,
I created ticket #5810 about this and CCed both of you:
https://trac.torproject.org/projects/tor/ticket/5810
Just want to make sure you guys are notified.
Beck
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torp
Hi Karsten & Damian,
I've been trying to port function determineKeyHash() from
VerifyDescriptors.java to stem, and it turned out to be more
complicated than I thought due to my unfamiliarity to many
cryptography terms and standards. I finally figured out a way to do it
by using a light-weighted li
> PSS. Do we need to keep Ravi in this conversation?
Nah, I'm good.
I'm spectating on tor-dev anyway.
--
neena
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Hi Beck. Unfortunately at this point you know far more about
descriptor crypto than me so I won't be much help. A quick search in
apt for 'pkcs' only came up with one python result, PyKCS11
(http://www.bit4id.org/trac/pykcs11), which looks to be mostly related
to smartcards. Hopefully Karsten will
>> PS. Are you guys getting email updates from ticket #5810? I'm doubting
>> that you two are not actually CCed since no one is replying...
>
> Yes. Both Karsten and I are subscribed to tor-bugs@ so we see all trac
> updates.
Oh, and I should add that I didn't reply to your last post because it
s
> It seems that PKCS#1 is the final answer, but
Quick question, if it is PKCS1 that we need then will the pycrypto
package do the trick? It looks like PKCS1 support is pretty new for
it, but the package itself is generally available by default. See the
last comment on...
https://bugs.launchpad.net
Hi Karsten, hi Beck. Just pushed stem support for extrainfo
descriptors (ye gods they have a lot of attributes)...
* Implementation
https://gitweb.torproject.org/stem.git/blob/HEAD:/stem/descriptor/extrainfo_descriptor.py
* Unit Tests
https://gitweb.torproject.org/stem.git/blob/HEAD:/test/unit/de
Hi Beck,
I don't have good answers to your questions. To be honest, when I
implemented the Java verification code for #2768, I looked for hints in
an old Java version of Tor, rewrote that code, updated it for current
BouncyCastle versions using their JavaDocs and examples, and tweaked
everything
On 5/14/12 2:30 AM, Damian Johnson wrote:
> Hi Karsten, hi Beck. Just pushed stem support for extrainfo
> descriptors (ye gods they have a lot of attributes)...
>
> * Implementation
> https://gitweb.torproject.org/stem.git/blob/HEAD:/stem/descriptor/extrainfo_descriptor.py
>
> * Unit Tests
> http
Hi Damian,
> Quick question, if it is PKCS1 that we need then will the pycrypto
> package do the trick? It looks like PKCS1 support is pretty new for
> it, but the package itself is generally available by default.
PyCrypto should do the trick, as described in their API document [1].
But I encount
Hi Karsten,
> I don't have good answers to your questions. To be honest, when I
> implemented the Java verification code for #2768, I looked for hints in
> an old Java version of Tor, rewrote that code, updated it for current
> BouncyCastle versions using their JavaDocs and examples, and tweaked
On Mon, May 14, 2012 at 2:04 AM, Karsten Loesing wrote:
> Hi Beck,
>
> I don't have good answers to your questions. To be honest, when I
> implemented the Java verification code for #2768, I looked for hints in
> an old Java version of Tor, rewrote that code, updated it for current
> BouncyCastle
Hi Beck. Thanks for diving into the descriptor crypto. As you've found
it's not an especially easy problem to solve. Just a reminder that if
you aren't finding it interesting then there's several other stem
related projects that you might find more to your liking.
Cheers! -Damian
_
Hi Damian,
I was actually on a short trip these days, and just arrived home. I'll
restart working on it tomorrow, and I believe there is more I can do.
That said I might join Ravi's work on the general controller class a
bit later after I've finished my work on the descriptor crypto.
Best,
Beck
23 matches
Mail list logo