[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] Proposal 220 (revised): Migrate server identity keys to Ed25519
Hi Nick,
On 25 Feb 2014, at 17:18, Nick Mathewson <nickm@xxxxxxxxxxxxxx> wrote:
> To mirror the way that authority identity keys work, we'll fully
> support keeping Ed25519 identity keys offline; they'll be used to
> sign long-ish term signing keys, which in turn will do all of the
> heavy lifting. A signing key will get used to sign the things that
> RSA1024 identity keys currently sign.
There was a discussion of this point on tor-talk just now. s7r (one
of the nice support people) was also present, maybe he will follow up
here as well.
Basically, the operational complexity of doing this seems to be
under-appreciated here, and we're wondering if the added code
complexity can possibly be worth it. Maybe we should ask some of the
super big relays to weigh in.
Cheers
Sebastian
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev