
Re: [tor-bugs] #22029 [Core Tor/Tor]: Allow ed25519 keys to be banned in the approved-routers file



#22029: Allow ed25519 keys to be banned in the approved-routers file
--------------------------+------------------------------------
 Reporter:  teor          |          Owner:
     Type:  enhancement   |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:  1
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by teor):

 Replying to [comment:1 dgoulet]:
 > Oh fine idea!
 >
 > Quick question here. Can a relay have N rsa keys (for N > 1) for 1
 > ed25519 key and still keep its uptime/weight?

 Yes, but not for long.

 The directory authorities keep a key pinning journal, but don't enforce
 it.

 When we turn on key pinning, authorities won't vote for relays that change
 one key and keep the other the same.

 > I'm asking here because we currently block by RSA fingerprint but what
 > if I can rotate that every day (or when blocked) but still keep my
 > consensus weight because my ed25519 is still recognized by dirauths?

 The bandwidth script uses RSA fingerprints, so changing your RSA removes
 all your bandwidth.

 In the far future, when we remove RSA keys, we will want to have a file
 that bans both RSA and ed25519 keys, to make the transition easier.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22029#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
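
The key-pinning rule discussed in the comment above, as an added example that is not part of the original message and is not Tor's implementation: a simplified in-memory model of how an authority would treat a relay that keeps one ed25519 key while changing its RSA fingerprint, with and without enforcement, and with a ban list that may hold either key type. The class and function names, the replace-on-mismatch behaviour in journal-only mode, and all key strings are assumptions made for illustration.

```python
# Added example: simplified model, not Tor's key-pinning code.
# All key strings used with it are constructed placeholders.

class KeyPinJournal:
    """In-memory stand-in for an authority's (RSA, ed25519) pinning journal."""

    def __init__(self, enforce):
        self.enforce = enforce
        self.ed_for_rsa = {}   # RSA fingerprint -> pinned ed25519 key
        self.rsa_for_ed = {}   # ed25519 key -> pinned RSA fingerprint

    def accept(self, rsa_fp, ed_key):
        """Return True if the authority would still vote for this key pair."""
        pinned_ed = self.ed_for_rsa.get(rsa_fp)
        pinned_rsa = self.rsa_for_ed.get(ed_key)
        if pinned_ed == ed_key and pinned_rsa == rsa_fp:
            return True                      # exact pair already pinned
        mismatch = pinned_ed is not None or pinned_rsa is not None
        if mismatch and self.enforce:
            return False                     # one key changed, the other kept
        # Unseen pair, or journal-only mode (assumption: the newest pair
        # replaces whichever entries it conflicts with).
        for old_rsa in (rsa_fp, pinned_rsa):
            old_ed = self.ed_for_rsa.pop(old_rsa, None)
            self.rsa_for_ed.pop(old_ed, None)
        self.ed_for_rsa[rsa_fp] = ed_key
        self.rsa_for_ed[ed_key] = rsa_fp
        return True


def votes_for_rotating_relay(rsa_fps, ed_key, enforce, banned=frozenset()):
    """Relay keeps one ed25519 key and presents a new RSA fingerprint each day.

    `banned` models a ban list that may contain RSA fingerprints, ed25519
    keys, or both. Returns one vote decision per day.
    """
    journal = KeyPinJournal(enforce)
    votes = []
    for rsa_fp in rsa_fps:
        is_banned = rsa_fp in banned or ed_key in banned
        votes.append(not is_banned and journal.accept(rsa_fp, ed_key))
    return votes
```

In this model an RSA-only ban stops covering the relay once the fingerprint changes, while enforced pinning or a ban on the ed25519 key does not depend on the RSA fingerprint staying the same.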