From ab37b5eabb7cf8a6883fb2466dc87fadbefd25ac Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Tue, 22 May 2018 09:00:10 -0400 Subject: [PATCH] clean up the description of the tls usage --- docs/proposed/http-storage-node-protocol.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/proposed/http-storage-node-protocol.rst b/docs/proposed/http-storage-node-protocol.rst index eb5e8d849..691ede2be 100644 --- a/docs/proposed/http-storage-node-protocol.rst +++ b/docs/proposed/http-storage-node-protocol.rst @@ -79,10 +79,10 @@ This protocol aims to satisfy the above requirements at a lower level of complex Communication with the storage node will take place using TLS. The TLS version and configuration will be dictated by an ongoing understanding of best practices. -The only requirement is that the certificate have a valid signature. -The storage node will publish the corresponding Subject Public Key Information hash (SPKI hash) -(e.g., via an introducer). -The SPKI hash will constitute the storage node's identity. +The storage node will present an x509 certificate during the TLS handshake. +Storage clients will require that the certificate have a valid signature. +The Subject Public Key Information (SPKI) hash of the certificate will constitute the storage node's identity. +The **tub id** portion of the storage node fURL will be replaced with the SPKI hash. When connecting to a storage node, the client will take the following steps to gain confidence it has reached the intended peer:
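
Review bot: The added line "Storage clients will require that the certificate have a valid signature" does not say what the signature is validated against (the certificate's own key, as for a self-signed certificate, or a CA chain), and the removed wording "The only requirement is" was the one place that told readers no other checks apply. Since the SPKI hash is the node's identity, suggest stating explicitly which checks clients perform and which they skip (chain, expiry, hostname), so implementers do not diverge. The SPKI hash lines also leave the hash function and encoding unspecified; naming them (for example SHA-256 over the DER-encoded SubjectPublicKeyInfo, base64-encoded, as RFC 7469 does) would make the value that replaces the **tub id** in the fURL unambiguous. Style: "x509" is conventionally written "X.509".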