Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-13T18:10:46Zhttps://gitlab.torproject.org/legacy/trac/-/issues/2768Write standalone directory document signature verification tools2020-06-13T18:10:46ZRobert RansomWrite standalone directory document signature verification toolsRight now, the only easy way for researchers to verify that they are using the actual Tor network consensuses/votes/descriptors is to verify Karsten's OpenPGP signature of the tarball (if there is one). Tor already contains code to veri...Right now, the only easy way for researchers to verify that they are using the actual Tor network consensuses/votes/descriptors is to verify Karsten's OpenPGP signature of the tarball (if there is one). Tor already contains code to verify those documents which have signatures; we should expose that code to researchers' scripts, too.
The extra-info descriptors and microdescriptors are authenticated by having their hashes published in other documents, rather than being signed directly, so they will be a bit trickier for simple tools to verify; we should postpone writing verification tools for those documents for now.Robert RansomRobert Ransom