AtHeartEngineer/specs
1
0
Fork 0
mirror of https://github.com/vacp2p/specs.git synced 2026-01-09 23:37:55 -05:00
Code Issues Packages Projects Releases Wiki Activity

always talk about private / public host key

Browse Source
This commit is contained in:
Marten Seemann
2019-03-06 16:45:44 +09:00
parent 0437cb7f8b
commit 565f205b21
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
tls/tls.md
View File

@@ -27,14 +27,14 @@ Note for clients: Since clients complete the TLS handshake immediately after sen
### libp2p Public Key Extension
In order to prove ownership of its host key, an endpoint sends two values:
- the public key corresponding to its host key
- a signature performed using the host key
- the public host key
- a signature performed using the private host key
The public key corresponding to the host key allows the peer to calculate the peer ID of the peer it is connecting to. Clients MUST verify that the peer ID derived from the certificate matches the peer ID they intended to connect to, and MUST abort the connection if it there is a mismatch.
The public host key allows the peer to calculate the peer ID of the peer it is connecting to. Clients MUST verify that the peer ID derived from the certificate matches the peer ID they intended to connect to, and MUST abort the connection if it there is a mismatch.
The peer signs the public key that it used to generate the certificate carrying the libp2p Public Key Extension using the its host key. This signature provides cryptographic proof that the peer was in possession of the private key at the time the certificate was signed. Peers MUST verify the signature, and abort the connection attempt if signature verification fails.
The peer signs the public key that it used to generate the certificate carrying the libp2p Public Key Extension using the its private host key. This signature provides cryptographic proof that the peer was in possession of the private host key at the time the certificate was signed. Peers MUST verify the signature, and abort the connection attempt if signature verification fails.
The public key and the signature are ANS.1-encoded into the SignedKey data structure, which is carried in the libp2p Public Key Extension. The libp2p Public Key Extension is a x509 extension with the Object Identier 1.3.6.1.4.1.XXX.YYY.
The public host key and the signature are ANS.1-encoded into the SignedKey data structure, which is carried in the libp2p Public Key Extension. The libp2p Public Key Extension is a x509 extension with the Object Identier 1.3.6.1.4.1.XXX.YYY.
TODO: Nothing will break if we just use an arbitrary value for XXX. However, if we want to do things correctly, [OID](https://en.wikipedia.org/wiki/Object_identifier) PENs should be registered with [IANA](https://pen.iana.org/pen/PenApplication.page).
@@ -45,7 +45,7 @@ SignedKey ::= SEQUENCE {
}
```
The publicKey field of SignedKey contains the public key of the endpoint, encoded using the following protobuf.
The publicKey field of SignedKey contains the public host key of the endpoint, encoded using the following protobuf.
```protobuf
enum KeyType {