commit 0dd48bfe5aab9ca213dfbacd3b2ee8710a584405 Author: Nick Mathewson nickm@torproject.org Date: Tue Dec 13 08:54:38 2016 -0500
Change the default of AuthDirPinKeys to 1.
Closes ticket 18319.
---
changes/ticket18319 | 4 ++++
doc/tor.1.txt | 2 +-
src/or/config.c | 2 +-
3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/changes/ticket18319 b/changes/ticket18319
new file mode 100644
index 0000000..41c5b56
--- /dev/null
+++ b/changes/ticket18319
@@ -0,0 +1,4 @@
+ o Minor features (directory authority, security):
+ - The default for AuthDirPinKeys is now 1: directory authorities will
+ reject relays where the RSA identity key matches a previously seen
+ value, but the Ed25519 key has changed. Closes ticket 18319.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 9b8a0f0..5845b1a 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -2265,7 +2265,7 @@ on the public Tor network. publish a descriptor if any other relay has reserved its <Ed25519,RSA> identity keypair. In all cases, Tor records every keypair it accepts in a journal if it is new, or if it differs from the most recently
- accepted pinning for one of the keys it contains. (Default: 0)
+ accepted pinning for one of the keys it contains. (Default: 1)
[[AuthDirSharedRandomness]] **AuthDirSharedRandomness** **0**|**1**:: Authoritative directories only. Switch for the shared random protocol.
diff --git a/src/or/config.c b/src/or/config.c
index a4d063d..0c4200d 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -211,7 +211,7 @@ static config_var_t option_vars_[] = {
 V(AuthDirInvalidCCs, CSV, ""),
 V(AuthDirFastGuarantee, MEMUNIT, "100 KB"),
 V(AuthDirGuardBWGuarantee, MEMUNIT, "2 MB"),
- V(AuthDirPinKeys, BOOL, "0"),
+ V(AuthDirPinKeys, BOOL, "1"),
 V(AuthDirReject, LINELIST, NULL),
 V(AuthDirRejectCCs, CSV, ""),
 OBSOLETE("AuthDirRejectUnlisted"),
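Review bot: The new default `"1"` on the `V(AuthDirPinKeys, BOOL, ...)` entry is a bare string literal that no test in this commit guards; the diffstat lists only the changes file, the man page and config.c. A later edit that flips it back would quietly turn key pinning off on every authority that relies on the default. An assertion on freshly initialised options, for example `tt_int_op(options->AuthDirPinKeys, OP_EQ, 1);` in whichever unit test already builds default options, would pin the behaviour. A short comment on the entry would also record why this one is on by default, e.g. `/* On by default (ticket 18319): reject a known RSA identity that shows up with a changed Ed25519 key. */`. The option_vars_ table starts and ends outside the hunk, so how neighbouring entries are documented is not visible here.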