r15921@catbus: nickm | 2007-10-18 11:16:38 -0400

Apply clarifications and comments from Karsten to rend-spec, with my own clarifications and comments.


svn:r12027

doc/spec/rend-spec.txt

@@ -146,21 +146,21 @@ $Id$
     to do that if he previously advertised some introduction points,
     and now he doesn't have any. -RD]
 
-   The format of a "V2" descriptor, that will probably used at some time in
-   the future, is as follows:
+   The format of a "V2" descriptor, that will probably be used at some time
+   in the future, is as follows:
 
      "rendezvous-service-descriptor" descriptor-id NL
 
        [At start, exactly once]
 
        Indicates the beginning of the descriptor. "descriptor-id" is a
-       temporary identifier of 160 bits formatted as 32 base32 chars that
-       can only be calculated by the hidden service and its clients,
-       i.e. by everyone who is aware of a "secret-cookie". (Further,
-       everyone can verify that this "descriptor-id" belongs to the rest
-       of the descriptor, even without knowing "secret-cookie", as
-       described below.) The "descriptor-id" is calculated by performing
-       the following operation:
+       periodically changing identifier of 160 bits formatted as 32 base32
+       chars that is calculated by the hidden service and its clients. If
+       the optional "secret-cookie" is used, this "descriptor-id" cannot be
+       computed by anyone else. (Everyone can verify that this
+       "descriptor-id" belongs to the rest of the descriptor, even without
+       knowing the optional "secret-cookie", as described below.) The
+       "descriptor-id" is calculated by performing the following operation:
 
          descriptor-id =
              H(permanent-id | H(time-period | secret-cookie | replica))
@@ -171,18 +171,25 @@ $Id$
 
          permanent-id = H(public-key)[:10]
 
-       "h(time-period, cookie, replica)" is the secret id part that is
+       "H(time-period | secret-cookie | replica)" is the (possibly secret)
+       id part that is
        necessary to verify that the hidden service is the true originator
        of this descriptor. It can only be created by the hidden service
        and its clients, but the "signature" below can only be created by
        the service.
 
-       "cookie" is a secret password of 120 bits that is shared between the
-       hidden service provider and its clients.
-        [XXXX Why 120? -NM]
+       "secret-cookie" is an optional secret password of 128 bits that is
+       shared between the hidden service provider and its clients.
 
        "replica" denotes the number of the non-consecutive replica.
-        [XXXX What does this mean? -NM]
+
+        (Each descriptor is replicated on a number of _consecutive_ nodes
+         in the identifier ring by making every storing node responsible
+         for the identifier intervals starting from its 3rd predecessor's
+         ID to its own ID. In addition to that, every service publishes
+         multiple descriptors with different descriptor IDs in order to
+         distribute them to different places on the ring. Therefore,
+         "replica" chooses one of the _non-consecutive_ replicas. -KL)
 
        The "time-period" changes periodically depending on the global time and
        as a function of "permanent-id". The current value for "time-period" can
@@ -233,22 +240,23 @@ $Id$
 
        [Exactly once]
 
-       A bitmask of allowed rendezvous protocols.
-          [XXXX what do the numbers this mean? And why a bitmask??? -NM]
+       A comma-separated list of recognized and permitted version numbers
+       for use in INTRODUCE cells; these versions are described in section
+       1.8 below.
 
      "introduction-points" NL encrypted-string
 
        [At most once]
 
-       A list of introduction points that is encrypted with AES in CTR mode
-       with a random initialization vector of 128 bits that is written to
-       the beginning of the encrypted string, and the secret key "cookie",
-       that is 120 bits long and padded with zeros to be 128 bits long.
-        [XXXX again, why 120 bits?? -NM]
+       A list of introduction points. If the optional "secret-cookie" is
+       used, this list is encrypted with AES in CTR mode with a random
+       initialization vector of 128 bits that is written to
+       the beginning of the encrypted string, and the "secret-cookie" as
+       secret key of 128 bits length.
 
-       The encrypted-string is encoded in base64, and surrounded with
-       "-----BEGIN AES ENCRYPTED MESSAGE-----" and
-       "-----END AES ENCRYPTED MESSAGE-----".
+       The string containing the introduction point data (either encrypted
+       or not) is encoded in base64, and surrounded with
+       "-----BEGIN MESSAGE-----" and "-----END MESSAGE-----".
 
        The unencrypted string may begin with:
 
@@ -263,8 +271,8 @@ $Id$
 
            [At start, exactly once]
 
-           The identifier of this introduction point.
-           [XXXX What's the identifier? -NM]
+           The identifier of this introduction point: the base-16 encoded
+           hash of this introduction point's identity key.
 
          "ip-address" ip-address NL
 
@@ -297,7 +305,11 @@ $Id$
 
            [Any number]
            [XXXX this is valid at the start *and* at the end? -NM]
-
+           [These are two separate "authentication" fields. The one above
+            is global and independent from the introduction points, and
+            this one is specific for one introduction point. Should we use
+            different names for them? -KL]
+           [Probably. -NM]
 
         (This ends the fields in the encrypted portion of the descriptor.)