Specify TLS details in certain messages
Closed, ResolvedPublic


When an instance sends a relay list or relay request, it tells its peer or its relay how to contact its relays or its peers (and their relays), respectively. But if they're specified by IP addresses, rather than fully qualified domain names, it could be difficult for the recipient to know how to authenticate them. Therefore, it would be useful to allow (or require) the sender of the relay list or relay request to include information specifying which TLS certificates or public keys to expect the relays or peers to be using.

DANE's TLSA specification might be an inspiration.