Module connection

TLS connection types.

Commitment

During the TLS handshake the Notary receives the Server’s ephemeral public key, and this key serves as a binding commitment to the identity of the Server. The ephemeral key itself does not reveal the Server’s identity, but it is bound to it via a signature created using the Server’s X.509 certificate.

A Prover can withhold the Server’s signature and certificate chain from the Notary to improve privacy and censorship resistance.

Proving the Server’s identity

A Prover can prove the Server’s identity to a Verifier by sending a ServerIdentityProof. This proof contains all the information required to establish the link between the TLS connection and the Server’s X.509 certificate. A Verifier checks the Server’s certificate against their own trust anchors, the same way a typical TLS client would.
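The binding described above, sketched for a TLS 1.2 ECDHE handshake as an added example (not code from this crate): it rebuilds the bytes the Server signs, which include the ephemeral public key, so a signature that verifies under the certificate ties that key to the Server. The function and type names are hypothetical, the layout is assumed to be the standard ServerKeyExchange one from RFC 5246 and RFC 8422, and the signature check itself needs a cryptography library and is not shown.

```rust
// Added example: TLS 1.2 ECDHE signed parameters (RFC 5246 / RFC 8422 layout).
// All names below are hypothetical and are not part of this crate's API.

const CURVE_TYPE_NAMED: u8 = 3; // ECCurveType.named_curve
const SECP256R1: u16 = 23; // NamedCurve.secp256r1

#[derive(Debug, PartialEq)]
enum ParamsError {
    EmptyPoint,
    PointTooLong(usize),
}

/// Bytes covered by the server's ServerKeyExchange signature:
/// client_random || server_random || ServerECDHParams.
fn signed_params(
    client_random: &[u8; 32],
    server_random: &[u8; 32],
    named_curve: u16,
    ephemeral_point: &[u8],
) -> Result<Vec<u8>, ParamsError> {
    // ECPoint is opaque<1..2^8-1>: one length byte, and never empty.
    if ephemeral_point.is_empty() {
        return Err(ParamsError::EmptyPoint);
    }
    if ephemeral_point.len() > 255 {
        return Err(ParamsError::PointTooLong(ephemeral_point.len()));
    }
    let mut msg = Vec::with_capacity(64 + 4 + ephemeral_point.len());
    msg.extend_from_slice(client_random);
    msg.extend_from_slice(server_random);
    msg.push(CURVE_TYPE_NAMED);
    msg.extend_from_slice(&named_curve.to_be_bytes());
    msg.push(ephemeral_point.len() as u8);
    msg.extend_from_slice(ephemeral_point);
    Ok(msg)
}

fn main() {
    // Constructed sample values, not captured from a real handshake.
    let (cr, sr) = ([0x11u8; 32], [0x22u8; 32]);
    let mut key = [0xABu8; 65];
    key[0] = 0x04; // uncompressed point marker
    let msg = signed_params(&cr, &sr, SECP256R1, &key).unwrap();
    println!("signed message: {} bytes", msg.len());
    // A different ephemeral key yields different signed bytes, so a
    // signature over `msg` cannot be reused to vouch for another key.
    key[64] ^= 1;
    assert_ne!(msg, signed_params(&cr, &sr, SECP256R1, &key).unwrap());
}
```

A Verifier would pass these bytes, the signature and the certificate's public key to a signature verification routine after validating the certificate chain against its own trust anchors.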

Structs

Certificate
X.509 certificate, DER encoded.
ConnectionInfo
TLS session information.
HandshakeDataV1_2
TLS 1.2 handshake data.
ServerCertCommitment
Commitment to a server certificate.
ServerCertData
Server certificate and handshake data.
ServerCertOpening
Opens a ServerCertCommitment.
ServerEphemKey
Server’s ephemeral public key.
ServerIdentityProof
TLS server identity proof.
ServerIdentityProofError
Error for ServerIdentityProof.
ServerName
Server’s name, a.k.a. the DNS name.
ServerSignature
Server’s signature of the key exchange parameters.
TranscriptLength
Transcript length information.

Enums

CertificateVerificationError
Errors that can occur when verifying a certificate chain or signature.
HandshakeData
TLS handshake data.
KeyType
Type of a public key.
SignatureScheme
Signature scheme on the key exchange parameters.
TlsVersion
TLS version.