[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] does renewing ed25519 signing key hurt if done to often?

To: "tor-dev@xxxxxxxxxxxxxxxxxxxx" <tor-dev@xxxxxxxxxxxxxxxxxxxx>
Subject: [tor-dev] does renewing ed25519 signing key hurt if done to often?
From: nusenu <nusenu@xxxxxxxxxxxxxxx>
Date: Sat, 28 Nov 2015 13:02:53 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 28 Nov 2015 08:03:22 -0500
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1448715789; bh=t8w+IsWM5oHw96xBKDU4ywuXKxr3w26dPpxGAa98xyo=; h=To:From:Subject:Date:From; b=omysKUTeuFZm4eDiEU7E5LTzWJEqe0S86trqSTeMHMae4XqyncvQl3SDPkwB1eI8T HJDV4yIhzeHgKvcgRC3wmVMfEgOF4aDkcnf5T9hLHuPvLnC3yX7PS30oa0Gg0ll9IN dFFc26W6/n8C10UkY2heyk8NWzVwxEi97jL7Tdmg=
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1448715789; bh=t8w+IsWM5oHw96xBKDU4ywuXKxr3w26dPpxGAa98xyo=; h=To:From:Subject:Date:From; b=omysKUTeuFZm4eDiEU7E5LTzWJEqe0S86trqSTeMHMae4XqyncvQl3SDPkwB1eI8T HJDV4yIhzeHgKvcgRC3wmVMfEgOF4aDkcnf5T9hLHuPvLnC3yX7PS30oa0Gg0ll9IN dFFc26W6/n8C10UkY2heyk8NWzVwxEi97jL7Tdmg=
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi,

I'm wondering if it does any bad if ed25519 online keys are renewed
(to) often (i.e. on every ansible-playbook run and the admin runs it 3
times in a row to get it to complete on all hosts).



If key renewal causes all existing connections to die I'll try to
workaround the problem and make
tor --keygen
idempotent (replace the key only if its expiry changed).

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] does renewing ed25519 signing key hurt if done to often?
  - From: nusenu

Prev by Author: Re: [tor-dev] tor ignores --SigningKeyLifetime when keys exist
Next by Author: Re: [tor-dev] tor ignores --SigningKeyLifetime when keys exist
Previous by thread: Re: [tor-dev] tor ignores --SigningKeyLifetime when keys exist
Next by thread: Re: [tor-dev] does renewing ed25519 signing key hurt if done to often?
Index(es):
- Author
- Thread