diff options
Diffstat (limited to 'docs/submission.md')
-rw-r--r-- | docs/submission.md | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/docs/submission.md b/docs/submission.md new file mode 100644 index 0000000..357f07a --- /dev/null +++ b/docs/submission.md @@ -0,0 +1,22 @@ +# Submission + +docdoc + +## Format + + NAME MAC + <PEM CHAIN> + silent-ct:separator + ... + <PEM CHAIN> + +`NAME`: identifier that the monitor uses to locate the right secret. + +`MAC`: HMAC with SHA256 as the hash function, computed for line two and forward. +The HMAC key is derived by the node and the monitor from their shared secret: + + hkdf := hkdf.New(sha256.New, SECRET, []byte("silent-ct"), NAME) + key := make([]byte, 16) + io.ReadFull(hkdf, key) + +`<PEM CHAIN>`: certificate chain in PEM format the node considers legitimate. |