rfc9799v2.txt | rfc9799.txt | |||
---|---|---|---|---|
skipping to change at line 739 ¶ | skipping to change at line 739 ¶ | |||
The Second Layer Hidden Service Descriptor is signed, encrypted, and | The Second Layer Hidden Service Descriptor is signed, encrypted, and | |||
encoded using a Message Authentication Code (MAC) in a way that only | encoded using a Message Authentication Code (MAC) in a way that only | |||
a party with access to the secret key of the Hidden Service could | a party with access to the secret key of the Hidden Service could | |||
manipulate what is published there. For more information about this | manipulate what is published there. For more information about this | |||
process, see the "Hidden service descriptors: encryption format" | process, see the "Hidden service descriptors: encryption format" | |||
section of [tor-spec]. | section of [tor-spec]. | |||
8.7. In-Band CAA | 8.7. In-Band CAA | |||
Tor directory servers are inherently untrusted entities; as such, | Tor directory servers are inherently untrusted entities. As such, | |||
there is no difference in the security model for accepting CAA | there is no difference in the security model for accepting CAA | |||
records directly from the ACME client or fetching them over Tor. | records directly from the ACME client or fetching them over Tor: the | |||
There is no difference in the security model between accepting CAA | CAA records are verified using the same hidden service key in either | |||
records directly from the ACME client and fetching them over Tor; the | ||||
CAA records are verified using the same Hidden Service key in either | ||||
case. | case. | |||
8.8. Access of the Tor Network | 8.8. Access of the Tor Network | |||
The ACME server MUST make its own connection to the Hidden Service | The ACME server MUST make its own connection to the Hidden Service | |||
via the Tor network and MUST NOT outsource this to a third-party | via the Tor network and MUST NOT outsource this to a third-party | |||
service, such as Tor2Web. | service, such as Tor2Web. | |||
8.9. Anonymity of the ACME Client | 8.9. Anonymity of the ACME Client | |||
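Review bot: In the new 8.7 text (right column), "hidden service key" is lowercased, while the unchanged context in this same block capitalizes the term ("secret key of the Hidden Service" in the paragraph above, "connection to the Hidden Service" in 8.8). Suggest restoring "Hidden Service key" so the defined term reads the same throughout Section 8. Removing the repeated "no difference in the security model" sentence is right, and the colon now ties the claim to its reason. Since the whole argument rests on the CAA records being verified with that key regardless of how they arrive, a pointer to where the document specifies that verification would help a reader check the claim.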
End of changes. 2 change blocks. | ||||
5 lines changed or deleted | 3 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. |