[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] tor ignores --SigningKeyLifetime when keys exist

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] tor ignores --SigningKeyLifetime when keys exist
From: s7r <s7r@xxxxxxxxxx>
Date: Sat, 28 Nov 2015 14:48:54 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 28 Nov 2015 07:49:11 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sky-ip.org; s=20110108; t=1448714948; bh=JkrzHwe08CIt+xeSMPl/Pv/hyaCToD7wyO5M1zFg00E=; h=Reply-To:Subject:References:To:From:Date:In-Reply-To; b=Vsp7M4lUlx8z7J/4q3O25b9besXo/KbkUbmfWdhEFy+ZuRo8SB6eWC9mmB9TLhbrH E7h/IzJAt+/BRwUfiGolzZohjEG0Ypy4KNOGz/YZo8URlofYU2PZsqwBQYwgD5LcJt 4ihbBp/CKlAiw98s0O4E45AL970L9WvR+XSp1QH8=
In-reply-to: <56599D8F.4000903@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <56599494.2040107@xxxxxxxxxxxxxxx> <565997A0.5060607@xxxxxxxxxx> <56599D8F.4000903@xxxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


On 11/28/2015 2:26 PM, nusenu wrote:
> The important info for me here is: How is "about to expire"
> defined? x days before expiry or

I think 24 hours before expiry.

> 80% of its lifetime is over?

No.

> Can it be configured?

No. This would not be helpful - complicating the already complicated
code for this feature which wouldn't solve/fix or make anything
better/easier.

> yes that is correct. So for the workaround of the workaround I
> will simply invoke tor twice. First time without --keygen for key
> generation, then with --keygen for signing key renewal.
> 
> thanks for the quick reply.

Hey, welcome :)
That sounds good to me.
Yeah, we  built it with a logic that will work for all types of
operators, people with less experience with Tor and can easily make
mistakes, misconfigurations, etc. Advanced users like you who code
scripts can always find workarounds.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJWWaK1AAoJEIN/pSyBJlsRF04IANfxG9/i+WbAVt2HwY5yOWb5
SwCYQvyMHWrUBFC8MexdOQZnKZ9NLfngJ4O5yO+4+BTDFSNy1FZilkjN3MY1Uaix
ZIG9hmFiZMRpEks7LJWtL1SvQF5bE/H4UlyEsrPmNjE3m+mZqPB1XfRj4f0/dXFE
pFrHIV3YCHBgezpN7ZxMiyQZZGpTXmOh+ee0MLJ51NvHzZwYFCrAiIEbMYJdnuQ4
as4WEzT9frX1N9Tmq0Tkg9BmeROvyeUsFfuKvgh+g2AeaNHgI8HJUWbM86IFDKSd
Gs+OpkL9ot+3ecZ//PdlfBzSobkyZ4gwh53CrPNLgyptXwGoU2T4HWd0hWb9L8g=
=ncc0
-----END PGP SIGNATURE-----
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] tor ignores --SigningKeyLifetime when keys exist
  - From: nusenu

References:
- [tor-dev] tor ignores --SigningKeyLifetime when keys exist
  - From: nusenu
- Re: [tor-dev] tor ignores --SigningKeyLifetime when keys exist
  - From: s7r
- Re: [tor-dev] tor ignores --SigningKeyLifetime when keys exist
  - From: nusenu

Prev by Author: Re: [tor-dev] tor ignores --SigningKeyLifetime when keys exist
Next by Author: [tor-dev] running a BWauth
Previous by thread: Re: [tor-dev] tor ignores --SigningKeyLifetime when keys exist
Next by thread: Re: [tor-dev] tor ignores --SigningKeyLifetime when keys exist
Index(es):
- Author
- Thread