hsc_desc_enc configuration/enrollment arrangements
Currently we don't have any way to tell an Arti HSS about clients' desccriptor encryption keys KP_hsc_desc_enc. But we have agreed that we intend to provide something fairly raw and rudimentary, where the HSS operator just dumps clients' public key values somewhere (config, directory, or something).
Ideally we should have something more abstract or cooked for client enrolment. That is what this ticket is about.
Things it would be nice for it to do include:
- Allow a client that is being enrolled to supply a single file containing multiple keys (so that we can conveniently support a revised intro auth spec).
- Have a layer of indirection so that keys can be identified (maybe by nicknames). possible other client-specific config could be hung off it.
We had some thoughts about this in #1028. There is some overlap between that ticket and this one.
Also see comments of the form TODO (#1206)
.
Edited by Nick Mathewson