[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #25203 [Core Tor/Tor]: document max. value of SigningKeyLifetime



#25203: document max. value of SigningKeyLifetime
------------------------------+--------------------------------
     Reporter:  cypherpunks   |      Owner:  (none)
         Type:  enhancement   |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: 0.3.3.x-final
    Component:  Core Tor/Tor  |    Version:
     Severity:  Minor         |   Keywords:  easy, tor-doc
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+--------------------------------
 tor's manpage says:

 > SigningKeyLifetime N days|weeks|months
 > For how long should each Ed25519 signing key be valid? Tor uses a
 permanent master identity key that can be kept
 > offline, and periodically generates new "signing" keys that it uses
 online. This option configures their lifetime.
 > (Default: 30 days)

 It does not include information about what is the biggest acceptable
 value. Tor simply fails to start if the given value is to big:
 {{{
 [warn] Interval 'XX months' is too long
 [warn] Failed to parse/validate config: Interval 'SigningKeyLifetime XX
 months' is malformed or out of bounds.
 }}}

 Please also mention if there is a value for SigningKeyLifetime where it is
 actually less safe than running in non-OfflineMasterKey mode (maybe it is
 less safe to set it to 10y in OfflineMasterKey mode than to run in non-
 OfflineMasterKey mode?) and if it makes any sense to modify this value in
 non-OfflineMasterKey mode (because that is apparently possible).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25203>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs