[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] documentation for new offline master key functionality (--keygen is undocumented)

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] documentation for new offline master key functionality (--keygen is undocumented)
From: teor <teor2345@xxxxxxxxx>
Date: Mon, 16 Nov 2015 11:59:58 +1100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 15 Nov 2015 20:00:18 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:references:from:content-type:in-reply-to:message-id:date:to :content-transfer-encoding:mime-version; bh=bAsKrq5OhbcKL6dbQDoPoiES7UjvpEGYvsbSmEjUieY=; b=vNu3Zv5/pl7dHkILBxG26sYwfN0W52uq3N2dLQduZnUV6QJjID+XOpvwckwxJW4jCM jDMmh6lZegJ+os59jNZKeM7IS3fBmwGKdMvg5KghZnll39fEXAb6BPTjTNN/vBTFq35x fn9DXAtHdiKQm4HEXoqKrBXGK9lz26v8pGJskVQCBMkmRpfTMtezVNuL82RcIPnTHl26 PInrIEylgXIm6vE3953ejKKnxWLJwHeru47ohnKuseHAjrrLW1FzGxSFR1P7SUC810xy PT5WSKn4DuNgLFI06YF8C3UA9qJpVsK48vZxD9EKFTWT64RYSkmcNw8P24BkEQ+L93Sf 7BiA==
In-reply-to: <5648C60B.3060906@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <5646312E.9060504@xxxxxxxxxxxxxxx> <5648A6CB.5020306@xxxxxxxxxx> <5648C60B.3060906@xxxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On 16 Nov 2015, at 04:51, nusenu <nusenu@xxxxxxxxxxxxxxx> wrote:

>>> Is the offline master key limited to ed25519 keys and useless
>>>> while using ed25519 + RSA keys at the same time? (because the RSA
>>>> key is not offline?)
>> Hmmm. Probably yes. Until transition (until we remove permanently RSA
>> identities) only the ed25519 key will be protected, RSA key will have
>> to be online. Even in this case, directory authorities remember relays
>> by their ed25519 + RSA pair of identities. If just one of them
>> changes, that relay will be rejected.
> Ok, so I guess the only reason to use offline master keys now is to not
> have to start from scratch once RSA keys are deprecated for real.

A compromised relay's RSA key can't be used to run another relay without the corresponding offline ed25519 key.
(I am assuming that a RSA key with a missing ed25519 key is treated the same as a RSA key with a different ed25519 key: the authorities reject the relay with the missing ed25519 key from the consensus.)

This is a good reason to use offline ed25519 master keys, which doesn't relay on RSA keys being deprecated/removed.

Tim (teor)

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] documentation for new offline master key functionality (--keygen is undocumented)
  - From: nusenu

References:
- [tor-dev] documentation for new offline master key functionality (--keygen is undocumented)
  - From: nusenu
- Re: [tor-dev] documentation for new offline master key functionality (--keygen is undocumented)
  - From: s7r
- Re: [tor-dev] documentation for new offline master key functionality (--keygen is undocumented)
  - From: nusenu

Prev by Author: Re: [tor-dev] documentation for new offline master key functionality (--keygen is undocumented)
Next by Author: Re: [tor-dev] Update of prop#250: Random Number Generation During Tor Voting
Previous by thread: Re: [tor-dev] documentation for new offline master key functionality (--keygen is undocumented)
Next by thread: Re: [tor-dev] documentation for new offline master key functionality (--keygen is undocumented)
Index(es):
- Author
- Thread