Try to be less ambigous about "maybe offline"...
...by defining "offline" as "maybe online". @diziet is this what you had in mind?
This commit is contained in:
parent
b667faf5c5
commit
410d05697f
|
@ -1,5 +1,15 @@
|
||||||
Here are some keys that we need to store for onion services.
|
Here are some keys that we need to store for onion services.
|
||||||
|
|
||||||
|
Below, we label some keys as "offline" keys, meaning that they are not
|
||||||
|
strictly necessary for running an onion service or client minute-by-minute,
|
||||||
|
and that it might be desirable to store them in a more secure environment.
|
||||||
|
We label some processes as "offline" processes, meaning that they can happen
|
||||||
|
infrequently in the background, and that it might be desirable to perform
|
||||||
|
them in a more secure environment.
|
||||||
|
|
||||||
|
As a convenience feature, it _should_ be possible to store these keys and
|
||||||
|
perform these processes online, if a more secure environment is not desired.
|
||||||
|
|
||||||
|
|
||||||
# Clients
|
# Clients
|
||||||
|
|
||||||
|
@ -10,8 +20,9 @@ keys:
|
||||||
* Any authentication keys in use with that onion
|
* Any authentication keys in use with that onion
|
||||||
service. (`KS_hs_client_desc_auth` or `KS_hs_client_intro_auth`)
|
service. (`KS_hs_client_desc_auth` or `KS_hs_client_intro_auth`)
|
||||||
|
|
||||||
|
The keys above are generated offline; their public keys are given to the
|
||||||
|
onion service operator offline. They need to be available at runtime.
|
||||||
|
|
||||||
The keys above can be provisioned offline and generated offline.
|
|
||||||
The public keys associated with them need to be encoded and transferred
|
The public keys associated with them need to be encoded and transferred
|
||||||
textually or in a file, for use by onion service providers.
|
textually or in a file, for use by onion service providers.
|
||||||
There is a passwd-style format for these, described in the C tor manual page,
|
There is a passwd-style format for these, described in the C tor manual page,
|
||||||
|
@ -21,22 +32,17 @@ AUTHORIZATION`.
|
||||||
|
|
||||||
# Services
|
# Services
|
||||||
|
|
||||||
Each onion service need these keys to operate.
|
Each onion service need these keys to operate:
|
||||||
It either needs to generate them online, or get provisioned with them from
|
|
||||||
some offline process.
|
|
||||||
They can be regenerated as needed, if the identity key is available.
|
|
||||||
|
|
||||||
* For each time period:
|
* For each time period:
|
||||||
* A private descriptor signing key (`KS_hs_desc_sign`),
|
* A private descriptor signing key (`KS_hs_desc_sign`),
|
||||||
* A certificate for that signing key, signed with the `BlindedOnionId`
|
* A certificate for that signing key, signed with the `BlindedOnionId`
|
||||||
for that time period (`KP_blind_id`).
|
for that time period (`KP_blind_id`).
|
||||||
|
|
||||||
To generate those certificates (online or offline), each onion service needs
|
To generate those certificates, each onion service needs
|
||||||
these keys:
|
these offline keys:
|
||||||
|
|
||||||
* A secret identity key (`KS_hs_id`).
|
* A secret identity key (`KS_hs_id`).
|
||||||
If it is kept offline, then some process needs to provision the service
|
|
||||||
with the descriptor signing key and certificate.
|
|
||||||
|
|
||||||
To operate, an onion service needs these secret keys, which do not have to be
|
To operate, an onion service needs these secret keys, which do not have to be
|
||||||
persistent.
|
persistent.
|
||||||
|
|
Loading…
Reference in New Issue