key bundles
parent
8911be6331
commit
74d719e504
|
@ -1 +1,31 @@
|
||||||
# Key Bundles
|
# Key Bundles
|
||||||
|
|
||||||
|
Cwtch servers identify themselves through signed key bundles. These key bundles contain a list of keys necessary
|
||||||
|
to make cwtch group communication secure and metadata resistant.
|
||||||
|
|
||||||
|
At the time of writing, key bundles are expected to contain 3 keys:
|
||||||
|
|
||||||
|
1. A Tor v3 Onion Service Public Key for the Token Board (ed25519)- used to connect to the service over Tor to post and
|
||||||
|
receive messages.
|
||||||
|
2. A Tor v3 Onion Service Public Key for the Token Service (ed25519) - used to acquire tokens to post on the service via
|
||||||
|
a small proof-of-work exercise.
|
||||||
|
3. A Privacy Pass Public Key - used in the token acquisition process (a ristretto curve point) . See: [OPTR2019-01](https://openprivacy.ca/research/OPTR2019-01/)
|
||||||
|
|
||||||
|
The key bundle is signed and can be verified via the first v3 onion service key, thus binding it to that particular oninon
|
||||||
|
address.
|
||||||
|
|
||||||
|
## Verifying Key Bundles
|
||||||
|
|
||||||
|
Profiles who import server key bundles verify them using the following trust-on-first-use (TOFU) algorithm:
|
||||||
|
|
||||||
|
1. Verify the attached signature using the v3 onion address of the server. (If this fails, the import process is halted)
|
||||||
|
2. Check that every key type exists. (If this fails, the import process is halted)
|
||||||
|
3. If the profile has imported the server key bundle previously, assert that all the keys are the same. (If this fails, the import process is halted)
|
||||||
|
4. Save the keys to the servers contact entry.
|
||||||
|
|
||||||
|
In the future this algorithm will likely be altered to allow the addition of new public keys (e.g. to allow
|
||||||
|
tokens to be acquired via a Zcash address.)
|
||||||
|
|
||||||
|
Technically, at steps (2) and (3() the server can be assumed to be malicious, having signed a valid key bundle that
|
||||||
|
does not conform to the specifications. When groups are moved from "experimental" to "stable" such an action will
|
||||||
|
result in a warning being communicated to the profile.
|
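Review bot: In the "Verifying Key Bundles" list, step 1 verifies the signature "using the v3 onion address of the server", but the bundle carries two v3 onion service keys and the earlier paragraph only says "the first v3 onion service key". Name the Token Board key explicitly in both places, and state that the onion address being imported must correspond to that key, so the binding the text relies on is unambiguous. Step 2 ("Check that every key type exists") does not say how duplicate or unrecognised key types are handled, and that gap carries into step 3's "all the keys are the same" check once new key types are allowed, as the following paragraph anticipates. Typos to fix: "oninon" should be "onion", "(3()" should be "(3)", "servers contact entry" should be "server's contact entry", and "(ed25519)-" in item 1 is missing the space that item 2 has.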