Directory authority key certificates
Directory authorities create key certificates to certify
their medium-term signing keys (KP_auth_sign_rsa)
with their long-term authority identity keys (KP_auth_id_rsa).
An authority key certificate is a netdoc. Authority key certificates can appear as a sub-section of other documents, notably network status votes.
Authorities MUST generate a new signing key and corresponding certificate before the key expires.
Authority key certificate items
dir-key-certificate-version — Introduce an auth key cert
dir-key-certificate-versionversion ..- At start, exactly once
States the protocol version of the key certificate.
version MUST be 3.
Implementations MUST reject formats they don’t understand.
dir-address — Public directory service address
dir-addressaddress:port ..- At most once
The IP address and TCP port at which this authority serves directory requests over HTTP,
fingerprint — authority identity, H(KP_auth_id_rsa)
fingerprintfingerprint ..- Exactly once.
fingerprint is SHA1(DER(KP_auth_id_rsa)), in uppercase hex.
dir-key-published — Certificate generation time
dir-key-publisheddate time ..- Exactly once.
date and time are as for
published in a router descriptor.
The time when this document and corresponding key were last generated.
Implementations SHOULD reject certificates that are published too far in the future, though they MAY tolerate some clock skew.
dir-key-expires – Certificate expiry time
dir-key-expiresdate time ..- Exactly once.
The time after which this certificate is no longer valid.
date and time are
as for dir-key-published.
Implementations SHOULD reject expired certificates, though they MAY tolerate some clock skew.
dir-identity-key — authority identity key, KP_auth_id_rsa
dir-identity-key- key_ Object,
RSA PUBLIC KEY - Exactly once.
- No extra arguments
The long-term authority identity key KP_auth_id_rsa for this authority. key is a DER PKCS#1 RSAPublicKey structure encoded as an Object.
This key SHOULD be at least 2048 bits long; it MUST NOT be shorter than 1024 bits.
dir-signing-key — Signing key, KP_auth_sign_rsa
dir-signing-key- key_ Object,
RSA PUBLIC KEY - Exactly once
- No extra arguments.
The directory server’s public signing key KP_auth_sign_rsa.
This key MUST be at least 1024 bits, and MAY be longer.
dir-key-crosscert — Cross-certificate by KP_auth_sign_rsa
dir-key-crosscert- CrossSignature, Object
ID SIGNATUREorSIGNATURE - Exactly once.
- No extra arguments.
CrossSignature is a signature, made using the certificate’s signing
key KP_auth_sign_rsa, of the PKCS1-padded hash of the certificate’s
identity key: SHA1(DER(KP_auth_id_rsa)).
For backward compatibility with broken versions of the
parser, we wrap the base64-encoded signature in
-----BEGIN ID SIGNATURE---- and -----END ID SIGNATURE----- tags.
Implementations
MUST allow the “ID “ portion to be omitted, however.
Implementations MUST verify that the signature is a correct signature of the hash of the identity key using the signing key.
dir-key-certification — Signature
dir-key-certification- RSA signature of the document by KP_auth_id_rsa.
- At end, exactly once.
- No extra argument.
Forbidden item keywords in authority key certificates
Authority key certificates are embedded in votes. A vote’s structure is formed from items with certain keywords (“structural keywords”), which introduce sections or sub-documents.
Authority key certificates must be copied into votes verbatim so that the signatures are preserved.
This presents a possible parsing ambiguity when deconstructing a vote, especially for naive or partial parsers, if unexpected keywords appear in an authority certificate.
The precise processing rules below describe the boundaries of permissible behaviour for conformant implementations. A single parsing/processing/checking implementation can be used for all purposes provided it does all the checks.
Requirements for generators of authority key certificates
Authority key certificates MUST NOT be generated containing any items which are meaningful elsewhere in votes (or parts of votes).
Authority key certificates MUST be generated containing ONLY
items with keywords starting dir-,
or that are fingerprint.
fingerprintin an authcert is anomalous. There are nofingerprintitem elsewhere in votes.
Requirements for all parsers of votes
When parsing, documents where structural keywords
appear apparently within an authority certificate
(ie, between dir-key-certificate-version and dir-key-certification)
SHOULD be rejected.
For example, a vote where an authority key certificate contain items with any of the following keywords SHOULD be rejected:
rdirectory-footer
Documents (including votes and individual authority key certificates) where items meaningful elsewhere in votes appear in authority key certificates MAY be rejected.
Requirements for authorities when parsing votes
When parsing another authority’s vote, as part of determining the consensus, an authority MUST perform additional checks:
Votes (or individual authority certificates) where authority certificates’
dir-key-certificate-version and dir-key-certification
are not properly paired,
MUST be rejected (treated as unparseable).
Votes where items recognised elsewhere in a vote
appear within an authority certificate,
SHOULD be rejected.
For example, a vote SHOULD be rejected if an authority certificate
contains a client-versions item.
Requirements for authorities when generating votes
When an authority generates a vote,
authority certificates which are
included MUST be checked for r and directory-footer.
Authority certificates SHOULD be checked for
keywords which are structural in votes,
or which don’t start with dir- and aren’t fingerprint.
In each case, if such a keyword is checked for and found, the authority certificate MUST NOT be included in the vote. These checks MAY be performed during parsing of documents arriving from other authorities.