Description of Ed25519-SHA256-RFC5705 does not match C Tor.
Found by @dgoulet.
In our spec, we say that the TLS key exporter should be called with its context field set to the initiator's KP_relayid_ed. In reality, the C Tor implementation uses CID, which is SHA256(KP_relayid_rsa) for initiator.
Since it doesn't really matter what the context is here, we don't need to create a new authentication format... but we do need to document the one we have.
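The mismatch described above, as an added example that is not taken from the spec or from C Tor: a Python version of the RFC 5705 exporter in its TLS 1.2 form, evaluated once with each context value. The master secret, randoms, key bytes and label are constructed placeholders, not Tor's real values.

```python
import hashlib
import hmac
import struct


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_hash with HMAC-SHA256 (RFC 5246, section 5)."""
    out = b""
    a = seed  # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def export_keying_material(master_secret, client_random, server_random,
                           label, context, length=32):
    """RFC 5705 exporter (TLS 1.2 construction) with a context value."""
    if len(context) > 0xFFFF:
        raise ValueError("context must fit a 16-bit length prefix")
    seed = (client_random + server_random
            + struct.pack("!H", len(context)) + context)
    return p_sha256(master_secret, label + seed, length)


# Constructed session values and keys (assumptions, for illustration only).
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x01" * 32
SERVER_RANDOM = b"\x02" * 32
LABEL = b"EXPERIMENTAL example label"   # placeholder, not Tor's label
KP_RELAYID_ED = b"\xed" * 32            # stand-in for the initiator's Ed25519 key
KP_RELAYID_RSA = b"constructed stand-in for the initiator's RSA identity key"


def compare_contexts():
    """Return (output with the spec's context, output with C Tor's context)."""
    spec_ctx = KP_RELAYID_ED
    c_tor_ctx = hashlib.sha256(KP_RELAYID_RSA).digest()  # CID for the initiator
    args = (MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM, LABEL)
    return (export_keying_material(*args, spec_ctx),
            export_keying_material(*args, c_tor_ctx))


if __name__ == "__main__":
    spec_out, c_tor_out = compare_contexts()
    print("context = KP_relayid_ed:", spec_out.hex())
    print("context = CID          :", c_tor_out.hex())
```

Both contexts are 32 bytes long, so the length prefix is identical and only the context bytes differ; the exported values still disagree, which is why an implementation written from the spec text needs the documented context to match the one C Tor uses.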