r7058@Kushana: nickm | 2006-08-08 23:53:46 -0700

 Clarify point about certs. We have been over this before, but it seems simpler than what we are considering now.

svn:r6997

diff --git a/doc/tor-spec.txt b/doc/tor-spec.txt
index 1179f131f61f6a7fbd1aa7fc56c49c3c6d9e95c7..c1f0cd9eee68031927868eaa4303aafe37e822c6 100644 (file)
--- a/doc/tor-spec.txt
+++ b/doc/tor-spec.txt
@@ -322,6 +322,12 @@ when do we rotate which keys (tls, link, etc)?
    hello cells, but only if those clients are nonconformant.  Am I right?
    In any case, this seems way more reliable.  -NM]
 
+   [IOW, the proposal would be: if the other side has a cert without OU=Tor,
+   send a HELLO cell. Otherwise, assume v0 unless they send a HELLO
+   cell.  Way simpler, right?  If we're dealing with something proxylike or
+   old, we might send an unexpected HELLO cell.  If they die, they were badly
+   written. -NM]
+
 5. Circuit management
 
 5.1. CREATE and CREATED cells