Re: [tor-dev] Specification for 'How to Safely Sign a statement with a .onion key'

2014-12-01 Thread Ian Goldberg
On Mon, Dec 01, 2014 at 09:59:57AM -0500, Nick Mathewson wrote:
> On Mon, Dec 1, 2014 at 9:30 AM, Ian Goldberg wrote:
> > On Mon, Dec 01, 2014 at 09:14:03AM -0500, Nick Mathewson wrote:
> >> Then how about specifying something like this for the RSA-signed part
> >> (in place of the SHA1):
> >>

Re: [tor-dev] Specification for 'How to Safely Sign a statement with a .onion key'

2014-12-01 Thread Nick Mathewson
On Mon, Dec 1, 2014 at 9:30 AM, Ian Goldberg wrote:
> On Mon, Dec 01, 2014 at 09:14:03AM -0500, Nick Mathewson wrote:
>> Then how about specifying something like this for the RSA-signed part
>> (in place of the SHA1):
>>[fixed string] 8 bytes
>>[SHA512 signature] 32 bytes
>>
>> Where the f

Re: [tor-dev] Specification for 'How to Safely Sign a statement with a .onion key'

2014-12-01 Thread Ian Goldberg
On Mon, Dec 01, 2014 at 09:14:03AM -0500, Nick Mathewson wrote:
> Then how about specifying something like this for the RSA-signed part
> (in place of the SHA1):
>[fixed string] 8 bytes
>[SHA512 signature] 32 bytes
>
> Where the fixed string could be something like "HSNONTOR", and we can
>

Re: [tor-dev] Specification for 'How to Safely Sign a statement with a .onion key'

2014-12-01 Thread Nick Mathewson
On Sun, Nov 30, 2014 at 1:19 PM, Ian Goldberg wrote:
> On Fri, Nov 28, 2014 at 03:22:18PM +, Steven Murdoch wrote:
>> On 24 Nov 2014, at 18:54, Tom Ritter wrote:
>>
>> > Attached is a document written in the specification format for one
>> > aspect of CA-signed .onion addresses - specifically

Re: [tor-dev] Specification for 'How to Safely Sign a statement with a .onion key'

2014-11-30 Thread Ian Goldberg
On Fri, Nov 28, 2014 at 03:22:18PM +, Steven Murdoch wrote:
> On 24 Nov 2014, at 18:54, Tom Ritter wrote:
>
> > Attached is a document written in the specification format for one
> > aspect of CA-signed .onion addresses - specifically a "What is a safe
> > way to sign (or not sign) a statemen

Re: [tor-dev] Specification for 'How to Safely Sign a statement with a .onion key'

2014-11-28 Thread Steven Murdoch
On 24 Nov 2014, at 18:54, Tom Ritter wrote:
> Attached is a document written in the specification format for one
> aspect of CA-signed .onion addresses - specifically a "What is a safe
> way to sign (or not sign) a statement using the .onion key" It
> presents a couple options - I'd love to get

Re: [tor-dev] Specification for 'How to Safely Sign a statement with a .onion key'

2014-11-25 Thread grarpamp
Some hidden services have been signing various things with their HS keys. Even benefit may exist from moving from 1024 to 4k+ and adding a passphrased startup option while keeping 80bit for now. There may already be a ticket on this area.

[tor-dev] Specification for 'How to Safely Sign a statement with a .onion key'

2014-11-24 Thread Tom Ritter
Attached is a document written in the specification format for one aspect of CA-signed .onion addresses - specifically a "What is a safe way to sign (or not sign) a statement using the .onion key" It presents a couple options - I'd love to get feedback from folks on which they prefer. I recognize