The way I understand it is this: Relay fingerprints are based on the RSA key, which will go away eventually. The canonical identifier will be the identity. We should start that transition
Thanks Sebastian. In that case we should put more thought into this because fingerprints are foundational to our control and directory specifications. Commands, events, descriptors... really everything reference relays by fingerprint (or optionally sometimes nickname). Migrating to a new identifier is no small task.
First, I'd advise that we call these 'v2 fingerprints' so it's clear that we intend to substitute these anywhere traditional fingerprints are used.
Second, I would advise against truncated base64 identifiers. Fingerprints are 40 character hex. master-key-ed25519's base64 value can include slashes (such as "yp0fwtp4aa/VMyZJGz8vN7Km3zYet1YBZwqZEk1CwHI") which will be problematic for DirPort urls, GETINFO commands, etc.
The simplest solution would be to simply hexify these values. This will raise our fingerprint length from 40 to 64 characters which will slightly impact DirPorts [1], but otherwise I don't anticipate a problem with such a replacement.
============================================================
import base64
def hexify_id(ed25519_identifier): binary_id = base64.b64decode(ed25519_identifier + ((len(ed25519_identifier) % 4) * '=')) return bytes.hex(binary_id).upper()
identifier = 'yp0fwtp4aa/VMyZJGz8vN7Km3zYet1YBZwqZEk1CwHI' print('the hex id of "%s" is "%s"' % (identifier, hexify_id(identifier)))
============================================================
% python3.7 demo.py the hex id of "yp0fwtp4aa/VMyZJGz8vN7Km3zYet1YBZwqZEk1CwHI" is "CA9D1FC2DA7869AFD53326491B3F2F37B2A6DF361EB75601670A99124D42C072"
============================================================
Cheers! -Damian
[1] At most 96 server or extrainfo descriptors can be downloaded from DirPorts via their fingerprint due to a limitation on the url length by squid proxies...
https://gitweb.torproject.org/stem.git/commit/?id=871a957f
Maybe this is no longer relevant? If it is then raising the fingerprint length from 40 to 64 will reduce this maximum to 60 (which seems fine to me).