29 Aug
2018
29 Aug
'18
12:41 a.m.
On 29 Aug 2018, at 05:38, nusenu nusenu-lists@riseup.net wrote:
Signed PGP part
Nathaniel Suchy:
Is there a way to switch my current relays to use offline keys and invalidate the old keys without losing current stats?
you can switch between the modes (OfflineMasterKey 0|1) but to get the best out of it, it is best to start with fresh masterkeys that never touched an online system
(that means, creating a new set of keys and loosing the "history"/reputation of the relay)
To be clear:
You must create a new ed25519 key *and* a new RSA key.
If you only change one, the directory authorities will drop your relay from the consensus. (This "key-pinning" is a security feature.)
T