Re: [tor-bugs] #17349 [Tor]: Create an ed25519 shared randomness key for dirauths
#17349: Create an ed25519 shared randomness key for dirauths
--------------------+------------------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #16943 | Points:
Sponsor: |
--------------------+------------------------------------
Changes (by s7r):
* cc: s7r (added)
Comment:
To keep symmetry, the lifetime of the SR key will be equal to the lifetime
of the medium term signing key. This would mean 30 days by default, unless
otherwise configured by SigningKeyLifetime in torrc on the directory
authority side.
In order not to confuse directory authority operators with a lot of keys
and subkeys, I recommend that the SR ed25519 key only be generated
automatically by Tor if/when started as a directory authority and only be
chained to the medium term signing key with exactly the same validity
period. The SR key shouldn't be linked directly with the ed25519 master id
key, which can be kept offline; instead it'll be chained via an
intermediary certificate. It would be nice if we could append this second
intermediate certificate to the already existing file 'ed25519_signing_cert'
so we have a single certificate file in our keys folder.
Manually calling '--keygen' shouldn't generate an SR key; this way we keep
it simpler and don't have to add more commands for directory authorities,
and at the same time eliminate the possibility of accidentally generating
useless SR keys on normal non-directory-authority relays.
The ed25519 master identity keys of directory authorities could be
included in the consensus - this could come in handy when/if we want to get
rid of RSA ultimately (we plan to remove RSA1024, but directory authorities'
master identity RSA keys are > 1024 so they'll stick around for a longer
time with us for now).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17349#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
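The chaining rule proposed in the comment above, as an added example that is not Tor's code and does not use Tor's real certificate format: the offline master key certifies the medium-term signing key, the signing key (never the master) certifies the SR key, and the SR certificate's expiry is clamped to the signing certificate's, so a verifier can reject an SR key signed directly by the master or one that outlives its signing key. The `Cert` layout, the function names and the 30-day lifetime value in the test are all assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"time"
)

// Cert is a constructed stand-in for a Tor ed25519 cert: issuer signs subject key + expiry.
type Cert struct {
	Subject   ed25519.PublicKey
	Expiry    time.Time
	Signature []byte
}
func certBody(subject ed25519.PublicKey, expiry time.Time) []byte { // signed payload
	b := make([]byte, 8, 8+ed25519.PublicKeySize)
	binary.BigEndian.PutUint64(b, uint64(expiry.Unix())) // 8-byte big-endian expiry
	return append(b, subject...)                         // then the subject key
}
func issueCert(issuer ed25519.PrivateKey, subject ed25519.PublicKey, expiry time.Time) Cert {
	return Cert{subject, expiry, ed25519.Sign(issuer, certBody(subject, expiry))}
}

// MakeDirauthChain: the offline master certifies a medium-term signing key for signingLifetime;
// the signing key (never the master) certifies the SR key, whose expiry is clamped to the signing cert's.
func MakeDirauthChain(master ed25519.PrivateKey, now time.Time, signingLifetime time.Duration) (signingCert, srCert Cert, signingKey ed25519.PrivateKey) {
	signingPub, signingPriv, _ := ed25519.GenerateKey(rand.Reader)
	signingCert = issueCert(master, signingPub, now.Add(signingLifetime))
	srPub, _, _ := ed25519.GenerateKey(rand.Reader) // the SR private key is not needed below
	srCert = issueCert(signingPriv, srPub, signingCert.Expiry)
	return signingCert, srCert, signingPriv
}

// VerifyChain checks master -> signing -> SR: signatures, expiry, and that SR never outlives signing.
func VerifyChain(master ed25519.PublicKey, signingCert, srCert Cert, now time.Time) error {
	switch {
	case !ed25519.Verify(master, certBody(signingCert.Subject, signingCert.Expiry), signingCert.Signature):
		return errors.New("signing cert not signed by master identity key")
	case !ed25519.Verify(signingCert.Subject, certBody(srCert.Subject, srCert.Expiry), srCert.Signature):
		return errors.New("SR cert not chained to the signing key")
	case !now.Before(signingCert.Expiry) || !now.Before(srCert.Expiry):
		return errors.New("certificate expired")
	case srCert.Expiry.After(signingCert.Expiry):
		return errors.New("SR cert outlives its signing cert")
	}
	return nil
}
```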
tor-bugs mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs