r15921@catbus: nickm | 2007-10-18 11:16:38 -0400

 Apply clarifications and comments from Karsten to rend-spec, with my own clarifications and comments.


svn:r12027

doc/spec/rend-spec.txt

@@ -146,21 +146,21 @@ $Id$
     to do that if he previously advertised some introduction points,
     and now he doesn't have any. -RD]
 
-   The format of a "V2" descriptor, that will probably used at some time in
+   The format of a "V2" descriptor, that will probably be used at some time
-   the future, is as follows:
+   in the future, is as follows:
 
      "rendezvous-service-descriptor" descriptor-id NL
 
        [At start, exactly once]
 
        Indicates the beginning of the descriptor. "descriptor-id" is a
-       temporary identifier of 160 bits formatted as 32 base32 chars that
+       periodically changing identifier of 160 bits formatted as 32 base32
-       can only be calculated by the hidden service and its clients,
+       chars that is calculated by the hidden service and its clients. If
-       i.e. by everyone who is aware of a "secret-cookie". (Further,
+       the optional "secret-cookie" is used, this "descriptor-id" cannot be
-       everyone can verify that this "descriptor-id" belongs to the rest
+       computed by anyone else. (Everyone can verify that this
-       of the descriptor, even without knowing "secret-cookie", as
+       "descriptor-id" belongs to the rest of the descriptor, even without
-       described below.) The "descriptor-id" is calculated by performing
+       knowing the optional "secret-cookie", as described below.) The
-       the following operation:
+       "descriptor-id" is calculated by performing the following operation:
 
          descriptor-id =
              H(permanent-id | H(time-period | secret-cookie | replica))
@@ -171,18 +171,25 @@ $Id$
 
          permanent-id = H(public-key)[:10]
 
-       "h(time-period, cookie, replica)" is the secret id part that is
+       "H(time-period | secret-cookie | replica)" is the (possibly secret)
+       id part that is
        necessary to verify that the hidden service is the true originator
        of this descriptor. It can only be created by the hidden service
        and its clients, but the "signature" below can only be created by
        the service.
 
-       "cookie" is a secret password of 120 bits that is shared between the
+       "secret-cookie" is an optional secret password of 128 bits that is
-       hidden service provider and its clients.
+       shared between the hidden service provider and its clients.
-        [XXXX Why 120? -NM]
 
        "replica" denotes the number of the non-consecutive replica.
-        [XXXX What does this mean? -NM]
+
+        (Each descriptor is replicated on a number of _consecutive_ nodes
+         in the identifier ring by making every storing node responsible
+         for the identifier intervals starting from its 3rd predecessor's
+         ID to its own ID. In addition to that, every service publishes
+         multiple descriptors with different descriptor IDs in order to
+         distribute them to different places on the ring. Therefore,
+         "replica" chooses one of the _non-consecutive_ replicas. -KL)
 
        The "time-period" changes periodically depending on the global time and
        as a function of "permanent-id". The current value for "time-period" can
@@ -233,22 +240,23 @@ $Id$
 
        [Exactly once]
 
-       A bitmask of allowed rendezvous protocols.
+       A comma-separated list of recognized and permitted version numbers
-          [XXXX what do the numbers this mean? And why a bitmask??? -NM]
+       for use in INTRODUCE cells; these versions are described in section
+       1.8 below.
 
      "introduction-points" NL encrypted-string
 
        [At most once]
 
-       A list of introduction points that is encrypted with AES in CTR mode
+       A list of introduction points. If the optional "secret-cookie" is
-       with a random initialization vector of 128 bits that is written to
+       used, this list is encrypted with AES in CTR mode with a random
-       the beginning of the encrypted string, and the secret key "cookie",
+       initialization vector of 128 bits that is written to
-       that is 120 bits long and padded with zeros to be 128 bits long.
+       the beginning of the encrypted string, and the "secret-cookie" as
-        [XXXX again, why 120 bits?? -NM]
+       secret key of 128 bits length.
 
-       The encrypted-string is encoded in base64, and surrounded with
+       The string containing the introduction point data (either encrypted
-       "-----BEGIN AES ENCRYPTED MESSAGE-----" and
+       or not) is encoded in base64, and surrounded with
-       "-----END AES ENCRYPTED MESSAGE-----".
+       "-----BEGIN MESSAGE-----" and "-----END MESSAGE-----".
 
        The unencrypted string may begin with:
 
@@ -263,8 +271,8 @@ $Id$
 
            [At start, exactly once]
 
-           The identifier of this introduction point.
+           The identifier of this introduction point: the base-16 encoded
-           [XXXX What's the identifier? -NM]
+           hash of this introduction point's identity key.
 
          "ip-address" ip-address NL
 
@@ -297,7 +305,11 @@ $Id$
 
            [Any number]
            [XXXX this is valid at the start *and* at the end? -NM]
-
+           [These are two separate "authentication" fields. The one above
+            is global and independent from the introduction points, and
+            this one is specific for one introduction point. Should we use
+            different names for them? -KL]
+           [Probably. -NM]
 
         (This ends the fields in the encrypted portion of the descriptor.)