TLS connection types.
§Commitment
During the TLS handshake the Notary receives the Server’s ephemeral public key, and this key serves as a binding commitment to the identity of the Server. The ephemeral key itself does not reveal the Server’s identity, but it is bound to it via a signature created using the Server’s X.509 certificate.
A Prover can withhold the Server’s signature and certificate chain from the Notary to improve privacy and censorship resistance.
§Proving the Server’s identity
A Prover can prove the Server’s identity to a Verifier by sending a ServerIdentityProof. This proof contains all the information required to establish the link between the TLS connection and the Server’s X.509 certificate. A Verifier checks the Server’s certificate against their own trust anchors, the same way a typical TLS client would.
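The binding described under Commitment, as an added example that is not code from this crate: in a TLS 1.2 ECDHE handshake the Server's signature covers both hello randoms and the ephemeral key parameters (RFC 5246 §7.4.3, RFC 8422 §5.4), so a Verifier can rebuild that byte string around the key the Notary saw and check the signature over it. The function names and sample values are assumptions, and the signature check itself is left to a crypto library.

```rust
/// NamedCurve code point for secp256r1 (RFC 8422).
const SECP256R1: u16 = 0x0017;

/// Builds client_random || server_random || ServerECDHParams, the bytes the
/// Server signs. Hypothetical helper, not the tlsn-core API.
fn signed_kx_message(
    client_random: &[u8; 32],
    server_random: &[u8; 32],
    named_curve: u16,
    ephemeral_key: &[u8],
) -> Result<Vec<u8>, &'static str> {
    // ECPoint has a one-byte length prefix, so the key must be 1..=255 bytes.
    if ephemeral_key.is_empty() || ephemeral_key.len() > 255 {
        return Err("ephemeral key length out of range");
    }
    let mut msg = Vec::with_capacity(68 + ephemeral_key.len());
    msg.extend_from_slice(client_random);
    msg.extend_from_slice(server_random);
    msg.push(0x03); // ECCurveType: named_curve
    msg.extend_from_slice(&named_curve.to_be_bytes());
    msg.push(ephemeral_key.len() as u8);
    msg.extend_from_slice(ephemeral_key);
    Ok(msg)
}

/// Extracts the ephemeral key a signed message commits to, rejecting
/// truncated input, other curve types and a wrong length prefix.
fn committed_key(msg: &[u8]) -> Option<&[u8]> {
    let params = msg.get(64..)?; // skip the two 32-byte randoms
    if params.first() != Some(&0x03) {
        return None;
    }
    let len = *params.get(3)? as usize;
    let key = params.get(4..)?;
    if len != 0 && key.len() == len { Some(key) } else { None }
}

fn main() {
    // Constructed sample values, not taken from a real handshake.
    let (cr, sr) = ([0x11u8; 32], [0x22u8; 32]);
    let mut key = vec![0x04u8]; // uncompressed point marker
    key.extend_from_slice(&[0xAB; 64]);
    let msg = signed_kx_message(&cr, &sr, SECP256R1, &key).unwrap();
    // The key the Notary attested must equal the key inside the signed bytes.
    let bound = committed_key(&msg) == Some(&key[..]);
    println!("signed message: {} bytes, binds attested key: {}", msg.len(), bound);
}
```

Because the signed bytes contain the ephemeral key, a valid signature under the certificate's public key ties that certificate to the key the Notary attested, even though the Notary never saw the certificate.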
Structs§
- Certificate - X.509 certificate, DER encoded.
- ConnectionInfo - TLS session information.
- HandshakeDataV1_2 - TLS 1.2 handshake data.
- ServerCertCommitment - Commitment to a server certificate.
- ServerCertData - Server certificate and handshake data.
- ServerCertOpening - Opens a ServerCertCommitment.
- ServerEphemKey - Server’s ephemeral public key.
- ServerIdentityProof - TLS server identity proof.
- ServerIdentityProofError - Error for ServerIdentityProof.
- ServerName - Server’s name, a.k.a. the DNS name.
- ServerSignature - Server’s signature of the key exchange parameters.
- TranscriptLength - Transcript length information.
Enums§
- CertificateVerificationError - Errors that can occur when verifying a certificate chain or signature.
- HandshakeData - TLS handshake data.
- KeyType - Type of a public key.
- SignatureScheme - Signature scheme on the key exchange parameters.
- TlsVersion - TLS version.