George, I would definitely create an extended transition time frame: 6 months or a year where both keys will work. Just make it clear there is a cutoff date.
And I think Adrelanos's concept is a valid one. Since we may need to do this again, why not put a structure in place that facilitates upgrades to the system itself?
On Fri, May 17, 2013 at 3:09 PM, adrelanos adrelanos@riseup.net wrote:
George Kadianakis:
Thoughts?
Can you make .onion domains really long and therefore really safe against brute force?
Or have an option for maximum key length and a weaker default if common CPUs are still too slow? I mean, if you want to make 2048-bit keys the default because you feel most hidden services have CPUs which are too slow for 4096-bit keys, then use 2048 bit as default with an option to use the max. of 4096 bit.
Bonus point: Can you make the new implementation support less painful updates (anyone or everyone) when the next update is required? (forward compatibility)