>>>>> Is the offline master key limited to ed25519 keys and useless
>>>>> while using ed25519 + RSA keys at the same time? (because the
>>>>> RSA key is not offline?)
>>> Hmmm. Probably yes. Until transition (until we remove permanently
>>> RSA identities) only the ed25519 key will be protected, RSA key
>>> will have to be online. Even in this case, directory authorities
>>> remember relays by their ed25519 + RSA pair of identities. If
>>> just one of them changes, that relay will be rejected.
>> Ok, so I guess the only reason to use offline master keys now is to
>> not have to start from scratch once RSA keys are deprecated for
>> real.
>
> A compromised relay's RSA key can't be used to run another relay
> without the corresponding offline ed25519 key. (I am assuming that a
> RSA key with a missing ed25519 key is treated the same as a RSA key
> with a different ed25519 key: the authorities reject the relay with
> the missing ed25519 key from the consensus.)
>
> This is a good reason to use offline ed25519 master keys, which
> doesn't rely on RSA keys being deprecated/removed.

According to tor's changelog, key pinning is not enforced currently
(changelog of 0.2.7.3-rc):
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=release-0.2.7#n89
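A small model of the pinning rule the thread describes, added here as an illustration; it is not code from the thread or from tor's own keypin implementation. An authority remembers each relay as an (RSA identity, ed25519 identity) pair and rejects a descriptor in which either half of a pinned pair has changed. How a descriptor with no ed25519 key is handled follows the assumption stated in the reply above (a missing ed25519 key counts as a mismatch for an already-pinned RSA identity); the "unpinned" result for a never-seen RSA-only relay is this example's own assumption, and all key ids are constructed labels.

```python
from typing import Dict, Optional


class KeyPinTable:
    """Pinned (rsa_id, ed_id) pairs, indexed from both sides.

    Constructed model of the identity-pinning rule discussed on the list;
    not tor's keypin code.
    """

    def __init__(self) -> None:
        self.by_rsa: Dict[str, str] = {}   # rsa_id -> pinned ed_id
        self.by_ed: Dict[str, str] = {}    # ed_id  -> pinned rsa_id

    def check(self, rsa_id: str, ed_id: Optional[str]) -> str:
        """Return 'added', 'found', 'reject' or 'unpinned' for one descriptor."""
        if ed_id is None:
            # Thread's assumption: an RSA id already pinned to an ed25519 key
            # that now shows up without one is treated like a changed ed key.
            # An RSA-only relay never seen before is accepted but not pinned
            # (this example's assumption; nothing to pin it against).
            return "reject" if rsa_id in self.by_rsa else "unpinned"

        pinned_ed = self.by_rsa.get(rsa_id)
        pinned_rsa = self.by_ed.get(ed_id)
        if pinned_ed is None and pinned_rsa is None:
            # First sighting of both identities: pin the pair.
            self.by_rsa[rsa_id] = ed_id
            self.by_ed[ed_id] = rsa_id
            return "added"
        if pinned_ed == ed_id and pinned_rsa == rsa_id:
            return "found"            # same pair as pinned
        return "reject"               # one half of the pair changed


if __name__ == "__main__":
    table = KeyPinTable()
    print(table.check("rsa-relay1", "ed-relay1"))   # added
    # A leaked online RSA key paired with a fresh ed25519 key is rejected,
    # because the offline ed25519 master key was never available to the thief.
    print(table.check("rsa-relay1", "ed-attacker"))  # reject
```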
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev