[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #10324 [Tor]: Sign status documents with RSA2048



#10324: Sign status documents with RSA2048
-------------------------+---------------------
 Reporter:  ln5          |          Owner:
     Type:  enhancement  |         Status:  new
 Priority:  normal       |      Milestone:
Component:  Tor          |        Version:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+---------------------
 Directory authorities sign status documents (votes and consensuses) with a
 1024 bit RSA key called a directory signing key. These keys are typically
 valid for one year. Being in possession of a majority of the signing keys
 means that you control the consensus. We should start signing with RSA2048
 instead.

 I've been testing signing votes and consensuses in a Chutney network. All
 but 0.2.0.x clients seem happy to bootstrap using a consensus signed with
 a 2048 bit key. Directory authorities running 0.2.4.18-rc and
 0.2.5.1-alpha are happily voting and signing together.

 I'm going to create a new signing key for maatuska and see if the Tor
 network is happy too. If that turns out OK, I'm going to suggest that tor-
 gencert.c is changed to create 2048 bit keys and then ask other authority
 operators to generate new keys using that version.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10324>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs