#26379 closed defect (fixed)

Rend-spec isn't clear about role of first layer of descriptor encryption

Reported by: sjmurdoch Owned by:
Priority: Medium Milestone: Tor: 0.3.5.x-final
Component: Core Tor/Tor Version:
Severity: Minor Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

In [HS-DESC-FIRST-LAYER] of rend-spec-v3.txt it says:

The first layer of HS descriptor encryption is designed to protect
descriptor confidentiality against entities who don't know the blinded
public key of the hidden service.

However the HSDir does know the blinded public key, as that's part of the descriptor-signing-key-cert described in [DESC-OUTER]. Should the above quote instead be "...against entities who don't know the public identity master key of the hidden service"

Child Tickets

Change History (4)

comment:1 Changed 17 months ago by teor

We should also update sections 2.5.1.1 and 2.5.2.1., which describe how the descriptor is encrypted. The encryption uses a subcredential, which is derived from a credential, which is derived from the public-identity-key, which isn't known to the HSDir.

comment:2 Changed 17 months ago by asn

Status: newmerge_ready

Please see branch bug26379 for a well-needed patch here: https://github.com/torproject/torspec/pull/16

Thanks for making a ticket, Steven!

comment:3 Changed 17 months ago by nickm

Milestone: Tor: 0.3.5.x-final

comment:4 Changed 17 months ago by nickm

Resolution: fixed
Status: merge_readyclosed

LGTM too; merged to torspec!

Note: See TracTickets for help on using tickets.