[tor-relays] switching to OfflineMasterKey mode
Nathaniel Suchy
me at lunorian.is
Wed Aug 29 00:51:54 UTC 2018
Thanks for the heads up.
On Tue, Aug 28, 2018 at 8:42 PM teor <teor at riseup.net> wrote:
>
> > On 29 Aug 2018, at 05:38, nusenu <nusenu-lists at riseup.net> wrote:
> >
> > Signed PGP part
> >
> >
> > Nathaniel Suchy:
> >> Is there a way to switch my current relays to use offline keys and
> >> invalidate the old keys without losing current stats?
> >
> > you can switch between the modes (OfflineMasterKey 0|1) but to get the
> best out of it,
> > it is best to start with fresh masterkeys that never touched an online
> > system
> >
> > (that means, creating a new set of keys and loosing the
> "history"/reputation of the relay)
>
> To be clear:
>
> You must create a new ed25519 key *and* a new RSA key.
>
> If you only change one, the directory authorities will drop your relay
> from the consensus. (This "key-pinning" is a security feature.)
>
> T
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180828/8c5f4b38/attachment.html>
More information about the tor-relays
mailing list