[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] tor ignores --SigningKeyLifetime when keys exist



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


On 11/28/2015 2:26 PM, nusenu wrote:
> The important info for me here is: How is "about to expire"
> defined? x days before expiry or

I think 24 hours before expiry.

> 80% of its lifetime is over?

No.

> Can it be configured?

No. This would not be helpful - complicating the already complicated
code for this feature which wouldn't solve/fix or make anything
better/easier.

> yes that is correct. So for the workaround of the workaround I
> will simply invoke tor twice. First time without --keygen for key
> generation, then with --keygen for signing key renewal.
> 
> thanks for the quick reply.

Hey, welcome :)
That sounds good to me.
Yeah, we  built it with a logic that will work for all types of
operators, people with less experience with Tor and can easily make
mistakes, misconfigurations, etc. Advanced users like you who code
scripts can always find workarounds.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJWWaK1AAoJEIN/pSyBJlsRF04IANfxG9/i+WbAVt2HwY5yOWb5
SwCYQvyMHWrUBFC8MexdOQZnKZ9NLfngJ4O5yO+4+BTDFSNy1FZilkjN3MY1Uaix
ZIG9hmFiZMRpEks7LJWtL1SvQF5bE/H4UlyEsrPmNjE3m+mZqPB1XfRj4f0/dXFE
pFrHIV3YCHBgezpN7ZxMiyQZZGpTXmOh+ee0MLJ51NvHzZwYFCrAiIEbMYJdnuQ4
as4WEzT9frX1N9Tmq0Tkg9BmeROvyeUsFfuKvgh+g2AeaNHgI8HJUWbM86IFDKSd
Gs+OpkL9ot+3ecZ//PdlfBzSobkyZ4gwh53CrPNLgyptXwGoU2T4HWd0hWb9L8g=
=ncc0
-----END PGP SIGNATURE-----
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev