[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] changes file and manpage entry for AuthDirPinKeys

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor/master] changes file and manpage entry for AuthDirPinKeys
From: nickm@xxxxxxxxxxxxxx
Date: Thu, 24 Sep 2015 15:29:44 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 24 Sep 2015 11:29:39 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit 51d18aeb425ba5127d8c68f386f3c58b5bbc38e1
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Wed Sep 23 11:30:17 2015 -0400

    changes file and manpage entry for AuthDirPinKeys
---
 changes/bug17135 |    7 +++++++
 doc/tor.1.txt    |    7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/changes/bug17135 b/changes/bug17135
new file mode 100644
index 0000000..0a0c57e
--- /dev/null
+++ b/changes/bug17135
@@ -0,0 +1,7 @@
+  o Major features (Ed25519 keys, keypinning)
+    - The key-pinning option on directory authorities is now
+      advisory-only by default. In a future version, or when the
+      AuthDirPinKeys option is set, pins are enforced again.
+      Disabling key-pinning seemed like a good idea so that we can
+      survive the fallout of any usability problems associated with
+      ed25519 keys. Closes ticket 17135.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 14b13bc..954c8fa 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -2081,6 +2081,13 @@ on the public Tor network.
     or more is always sufficient to satisfy the bandwidth requirement
     for the Guard flag. (Default: 250 KBytes)
 
+[[AuthDirPinKeys]] **AuthDirPinKeys** **0**|**1**::
+    Authoritative directories only. If non-zero, do not allow any relay to
+    publish a descriptor if any other relay has reserved its <Ed25519,RSA>
+    identity keypair. In all cases, Tor records every keypair it accepts
+    in a journal if it is new, or if it differs from the most recently
+    accepted pinning for one of the keys it contains. (Default: 0)
+
 [[BridgePassword]] **BridgePassword** __Password__::
     If set, contains an HTTP authenticator that tells a bridge authority to
     serve all requested bridge information. Used by the (only partially



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [tor/master] New AuthDirPinKeys option to enable/disable keypinning enforcement
Next by Author: [tor-commits] [tor/master] Merge branch 'underpinning_squashed'
Previous by thread: [tor-commits] [tor/master] New AuthDirPinKeys option to enable/disable keypinning enforcement
Next by thread: [tor-commits] [tor/master] Merge branch 'underpinning_squashed'
Index(es):
- Author
- Thread