commit b2e42644dc39abe6c4960346fd588d8dcd0ab650 Author: Nick Mathewson <nickm@torproject.org> Date: Thu Sep 22 11:12:20 2016 -0400 Note TLS link key size and digest change in prop220 --- proposals/220-ecc-id-keys.txt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/proposals/220-ecc-id-keys.txt b/proposals/220-ecc-id-keys.txt index 7a21f20..dd063e8 100644 --- a/proposals/220-ecc-id-keys.txt +++ b/proposals/220-ecc-id-keys.txt @@ -670,3 +670,11 @@ A.5. Reserved numbers 6: TLS authentication key certified by Ed25519 signing key 7: RSA cross-certificate for Ed25519 identity key + +A.6. Related changes + + As we merge this, proposal, we should also extend link key size to + 2048 bits, and use SHA256 as the x509 cert algorithm for our link + keys. This will improve link security, and deliver better + fingerprinting resistence. See proposal 179 for an older discussion + of this issue.