[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal 220 (revised): Migrate server identity keys to Ed25519

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Proposal 220 (revised): Migrate server identity keys to Ed25519
From: Sebastian Hahn <hahn.seb@xxxxxx>
Date: Mon, 18 Aug 2014 02:40:24 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 17 Aug 2014 20:46:29 -0400
In-reply-to: <CAKDKvuyi85B+qM01Pc=KaZR2+2mgLSvufS7fOVtryRvw4Nc2eQ@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAKDKvuyi85B+qM01Pc=KaZR2+2mgLSvufS7fOVtryRvw4Nc2eQ@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi Nick,

On 25 Feb 2014, at 17:18, Nick Mathewson <nickm@xxxxxxxxxxxxxx> wrote:
>   To mirror the way that authority identity keys work, we'll fully
>   support keeping Ed25519 identity keys offline; they'll be used to
>   sign long-ish term signing keys, which in turn will do all of the
>   heavy lifting.  A signing key will get used to sign the things that
>   RSA1024 identity keys currently sign.

There was a discussion of this point on tor-talk just now. s7r (one
of the nice support people) was also present, maybe he will follow up
here as well.

Basically, the operational complexity of doing this seems to be
under-appreciated here, and we're wondering if the added code
complexity can possibly be worth it. Maybe we should ask some of the
super big relays to weigh in.

Cheers
Sebastian
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Proposal 220 (revised): Migrate server identity keys to Ed25519
  - From: Nick Mathewson

Prev by Author: Re: [tor-dev] Proposal idea: Stop assigning (and eventually supporting) the Named flag
Next by Author: [tor-dev] Torflow error
Previous by thread: Re: [tor-dev] [GSoC] Consensus diffs - Sixth report
Next by thread: Re: [tor-dev] Proposal 220 (revised): Migrate server identity keys to Ed25519
Index(es):
- Author
- Thread