
Re: [tor-dev] [tor-assistants] Python metrics-lib



On 5/8/12 4:47 AM, Robert Ransom wrote:
> On 5/8/12, Beck Chen <csybeck@xxxxxxxxx> wrote:
> 
>> According to the outline, the long-term identity key should be different
>> from the signing key, which changes every 3-12 months. Then why should
>> the signing key become the identity key in the descriptor format, and
>> fingerprint become the hash of the identity key?
> 
> The “relay identity key” is not the same as the “authority identity
> key”. The “relay identity key” might also be different from the
> “directory signing key”; I'm not sure about that.

Relay identity key and directory signing key are indeed different.

Think of the authority identity key and directory signing key as a
different layer on top of stuff that all relays do.  When a relay
becomes a directory authority, the operator creates an offline authority
identity key and uses it to create an online directory signing key.
When the directory signing key expires, which usually happens once per
year, the operator creates a new one using the authority identity key
and uploads it.  The relay identity key and authority identity key
usually stay the same for a long time.

For example, here are the long-term keys for gabelmoo (from
src/or/config.c):

"gabelmoo orport=443 no-v2 "
  "v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 "
  "212.112.245.170:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",

The ED03... part is the hash of the authority identity key, the F204...
part is the relay identity.  The directory signing key is not
hard-coded.  You can find all directory signing keys here:

https://metrics.torproject.org/data/certs.tar.bz2

Best,
Karsten
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
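The hard-coded authority line quoted above packs two different SHA-1 identifiers into one string: the v3ident field (hash of the offline authority identity key) and the space-separated fingerprint (hash of the relay identity key), while the directory signing key does not appear at all. The following parser is an added example written for this page; it is not code from the mail, from metrics-lib, or from tor's src/or/config.c. It assumes the field layout visible in the quoted line (nickname first, `key=value` options and bare flags, then `ip:dirport`, then the fingerprint as ten groups of four hex digits), strips the C string-literal syntax, and normalizes both identifiers so that they can be compared against the fingerprints found in the certs archive. The names `AuthorityEntry`, `join_c_string_literal` and `parse_authority_line` are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the gabelmoo entry as quoted in the mail, kept in
# its C string-literal form (quotes, concatenation, trailing comma) so the
# parser has to undo that the way a reader of src/or/config.c would.
GABELMOO_C_LITERAL = '''"gabelmoo orport=443 no-v2 "
  "v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 "
  "212.112.245.170:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",'''

SHA1_HEX_LEN = 40  # both identifiers are SHA-1 digests rendered as hex


@dataclass
class AuthorityEntry:
    nickname: str
    orport: Optional[int]
    flags: List[str] = field(default_factory=list)
    # v3ident: hash of the offline authority identity key (None for a plain relay).
    v3ident: Optional[str] = None
    # address: ip:dirport of the directory port.
    address: str = ""
    # fingerprint: hash of the relay identity key, spaces removed, upper-case.
    fingerprint: str = ""

    def is_authority(self) -> bool:
        return self.v3ident is not None


def join_c_string_literal(text: str) -> str:
    """Concatenate adjacent C string literals ("a " "b") into one line."""
    pieces = re.findall(r'"((?:[^"\\]|\\.)*)"', text)
    return "".join(pieces)


def _check_hex_digest(name: str, value: str) -> str:
    if not re.fullmatch(r"[0-9A-F]{%d}" % SHA1_HEX_LEN, value):
        raise ValueError("%s is not a %d-hex-digit SHA-1: %r" % (name, SHA1_HEX_LEN, value))
    return value


def parse_authority_line(line: str) -> AuthorityEntry:
    """Parse one DirAuthority-style line into its components."""
    tokens = line.split()
    if not tokens:
        raise ValueError("empty authority line")
    entry = AuthorityEntry(nickname=tokens[0], orport=None)
    fp_groups: List[str] = []
    for tok in tokens[1:]:
        if tok.startswith("orport="):
            entry.orport = int(tok[len("orport="):])
        elif tok.startswith("v3ident="):
            entry.v3ident = _check_hex_digest("v3ident", tok[len("v3ident="):].upper())
        elif re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}:\d+", tok):
            entry.address = tok
        elif entry.address and re.fullmatch(r"[0-9A-Fa-f]{4}", tok):
            # Fingerprint groups only appear after the address, so a bare
            # flag that happens to be four hex characters is not mistaken.
            fp_groups.append(tok.upper())
        else:
            entry.flags.append(tok)
    if not entry.address:
        raise ValueError("no ip:dirport found in %r" % line)
    entry.fingerprint = _check_hex_digest("fingerprint", "".join(fp_groups))
    if entry.v3ident == entry.fingerprint:
        # The two hashes belong to different keys; equality means a malformed line.
        raise ValueError("v3ident and relay fingerprint must differ")
    return entry


def parse_c_authority_literal(text: str) -> AuthorityEntry:
    return parse_authority_line(join_c_string_literal(text))


if __name__ == "__main__":
    e = parse_c_authority_literal(GABELMOO_C_LITERAL)
    print("authority identity key hash:", e.v3ident)
    print("relay identity key hash:    ", e.fingerprint)
```

Running it on the constructed literal yields the two identifiers the mail explains: `ED03...` under the authority identity role and `F204...` (with the spaces removed) under the relay identity role. A relay that is not an authority simply lacks the `v3ident=` token and parses with `is_authority()` returning False.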