[tor-bugs] #17579 [Tor]: Split tor-gencert into "make cert" and "sign" portions
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Nov 10 17:55:16 UTC 2015
#17579: Split tor-gencert into "make cert" and "sign" portions
-----------------------------+--------------------------------
Reporter: nickm | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Sponsor:
-----------------------------+--------------------------------
The only part of tor-gencert that wants to stay offline is the part that
actually uses the master identity key to sign the certificate. All the
rest of generating the cert could be done online.
If we made those changes, we would allow operators to leave their offline
gencert setups unmaintained for a very very very long time, which would
make it easier to keep master identity keys offline.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17579>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list