[tor-bugs] #10324 [Tor]: Sign status documents with RSA2048

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Dec 9 20:55:14 UTC 2013


#10324: Sign status documents with RSA2048
-------------------------+---------------------
 Reporter:  ln5          |          Owner:
     Type:  enhancement  |         Status:  new
 Priority:  normal       |      Milestone:
Component:  Tor          |        Version:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+---------------------
 Directory authorities sign status documents (votes and consensuses) with a
 1024 bit RSA key called a directory signing key. These keys are typically
 valid for one year. Being in possession of a majority of the signing keys
 means that you control the consensus. We should start signing with RSA2048
 instead.

 I've been testing signing votes and consensuses in a Chutney network. All
 but 0.2.0.x clients seem happy to bootstrap using a consensus signed with
 a 2048 bit key. Directory authorities running 0.2.4.18-rc and
 0.2.5.1-alpha are happily voting and signing together.

 I'm going to create a new signing key for maatuska and see if the Tor
 network is happy too. If that turns out OK, I'm going to suggest that
 tor-gencert.c is changed to create 2048 bit keys and then ask other authority
 operators to generate new keys using that version.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10324>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
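
An added example, not part of the ticket or of Tor's code: one way to check which size of signing key an authority key certificate actually carries, for instance after a key has been regenerated. It assumes the v3 key certificate layout from Tor's dir-spec (the "dir-identity-key" and "dir-signing-key" keywords, each followed by a PKCS#1 PEM block); the sample certificate and its moduli are constructed placeholders.

```python
import base64
import re

# Assumption: the v3 key certificate layout from Tor's dir-spec, where the
# "dir-identity-key" and "dir-signing-key" keywords are each followed by a
# PKCS#1 "RSA PUBLIC KEY" PEM block. Neither keyword appears in the ticket.
KEY_RE = re.compile(r"^(dir-identity-key|dir-signing-key)\n"
                    r"-----BEGIN RSA PUBLIC KEY-----\n(.*?)"
                    r"-----END RSA PUBLIC KEY-----", re.M | re.S)

def der_len(buf, i):
    """Decode the DER length at buf[i]; return (length, content offset)."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def rsa_modulus_bits(der):
    """Modulus size in bits of a PKCS#1 RSAPublicKey: SEQUENCE { n, e }."""
    if der[0] != 0x30:
        raise ValueError("expected DER SEQUENCE")
    _, i = der_len(der, 1)
    if der[i] != 0x02:
        raise ValueError("expected DER INTEGER for the modulus")
    n_len, i = der_len(der, i + 1)
    return int.from_bytes(der[i:i + n_len], "big").bit_length()

def key_sizes(cert_text):
    """Map each key keyword found in a key certificate to its size in bits."""
    return {kw: rsa_modulus_bits(base64.b64decode(b64))
            for kw, b64 in KEY_RE.findall(cert_text)}

# Constructed sample input: placeholder moduli, not real authority keys.
def tlv(tag, body):
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_pem(bits):
    ints = [(1 << (bits - 1)) | 1, 65537]
    body = b"".join(tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in ints)
    b64 = base64.encodebytes(tlv(0x30, body)).decode()
    return "-----BEGIN RSA PUBLIC KEY-----\n" + b64 + "-----END RSA PUBLIC KEY-----\n"

SAMPLE_CERT = ("dir-key-certificate-version 3\n"
               "dir-identity-key\n" + sample_pem(3072) +
               "dir-signing-key\n" + sample_pem(1024))

if __name__ == "__main__":
    for kw, bits in key_sizes(SAMPLE_CERT).items():
        print(kw, bits, "below 2048" if bits < 2048 else "ok")
```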

