
Merge remote-tracking branch 'dgoulet/ticket21871_01'

Nick Mathewson 1 year ago
422ca3d2ed
1 changed file with 32 additions and 22 deletions

proposals/224-rend-spec-ng.txt

@@ -1221,39 +1221,49 @@ Table of contents:
           is included in the mandatory signing-key extension.  The certificate
           type must be [09].
 
-        Encryption key is specified as follow:
+        "enc-key" SP "ntor" SP key NL
 
-        [Exactly once enc-key per introduction point]
-
-           "enc-key" SP "ntor" SP key NL
-
-             The key is a base64 encoded curve25519 public key used to encrypt
-             the introduction request to service.
-
-           "enc-key" SP "legacy" NL key NL
+          [Exactly once per introduction point]
 
-             Base64 encoded RSA key, wrapped in "----BEGIN RSA PUBLIC
-             KEY-----" armor, for use with a legacy introduction point as
-             described in [LEGACY_EST_INTRO] and [LEGACY-INTRODUCE1] below.
+          The key is a base64 encoded curve25519 public key used to encrypt
+          the introduction request to service.
 
-        "enc-key-certification" NL certificate NL
+        "enc-key-cert" NL certificate NL
 
           [Exactly once per introduction point]
 
-          Cross-certification of the descriptor signing key by the enc-key.
-          The format of this certificate depends on the type of enc-key.
+          Cross-certification of the descriptor signing key by the encryption
+          key.
 
           For "ntor" keys, certificate is a proposal 220 certificate wrapped
           in "-----BEGIN ED25519 CERT-----" armor, cross-certifying the
-          descriptor signing key with the ed25519 equivalent of the curve25519
-          public key from "enc-key" derived using the process in proposal 228
-          appendix A. The certificate type must be [10], and the signing-key
+          descriptor signing key with the ed25519 equivalent of a curve25519
+          public encryption key derived using the process in proposal 228
+          appendix A. The certificate type must be [0B], and the signing-key
           extension is mandatory.
 
-          For "legacy" keys, certificate is a proposal 220 RSA->Ed
-          cross-certificate wrapped in "-----BEGIN CROSSCERT-----" armor,
-          cross-certifying the descriptor signing key with the legacy RSA
-          encryption key.
+        "legacy-key" NL key NL
+
+          [None or at most once per introduction point]
+
+          The key is an ASN.1 encoded RSA public key in PEM format used for a
+          legacy introduction point as described in [LEGACY_EST_INTRO] and
+          [LEGACY-INTRODUCE1] below.
+
+          This field is only present if the introduction point only supports
+          legacy protocol (v2) that is <= 0.2.9 or the protocol version value
+          "HSIntro 3".
+
+        "legacy-key-cert NL certificate NL
+
+          [None or at most once per introduction point]
+
+          MUST be present if "legacy-key" is present.
+
+          The certificate is a proposal 220 RSA->Ed cross-certificate wrapped
+          in "-----BEGIN CROSSCERT-----" armor, cross-certifying the
+          descriptor signing key with the RSA public key found in
+          "legacy-key".
 
    To remain compatible with future revisions to the descriptor format,
    clients should ignore unrecognized lines in the descriptor.
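Review bot: the new `"legacy-key-cert NL certificate NL` line is missing the closing quote after `legacy-key-cert`; every other keyword in this section is written `"keyword" ...`, so a parser written from the spec would look for the wrong token. Please make it `"legacy-key-cert" NL certificate NL`. Two smaller points in the same hunk: the sentence "This field is only present if the introduction point only supports legacy protocol (v2) that is <= 0.2.9 or the protocol version value "HSIntro 3"" mixes a Tor release number with a protocol version label and is hard to parse; it would read more clearly as something like "only present if the introduction point supports only the legacy (v2) introduction protocol, i.e. it runs Tor <= 0.2.9 or advertises only HSIntro 3". And "[None or at most once per introduction point]" is redundant, since "at most once" already allows zero; "[At most once per introduction point]" matches the "[Exactly once ...]" phrasing used above. While touching the ntor key paragraph, "encrypt the introduction request to service" wants "to the service". The change of the enc-key-cert type from [10] to [0B] is consistent with the hex [09] used for the auth-key cert above, so that part looks right.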