[tor-bugs] #22029 [Core Tor/Tor]: Allow ed25519 keys to be banned in the approved-routers file
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 26 01:50:55 UTC 2017
#22029: Allow ed25519 keys to be banned in the approved-routers file
--------------------------+------------------------------------
Reporter: teor | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor: 0.3.2.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points: 1
Reviewer: | Sponsor:
--------------------------+------------------------------------
Comment (by teor):
Replying to [comment:1 dgoulet]:
> Oh fine idea!
>
> Quick question here. Can a relay have N rsa keys (for N > 1) for 1
> ed25519 key and still keep its uptime/weight?
Yes, but not for long.
The directory authorities keep a key pinning journal, but don't enforce
it.
When we turn on key pinning, authorities won't vote for relays that change
one key and keep the other the same.
> I'm asking here because we currently block by RSA fingerprint but what
> if I can rotate that everyday (or when blocked) but still keep my
> consensus weight because my ed25519 is still recognized by dirauths?
The bandwidth script uses RSA fingerprints, so changing your RSA removes
all your bandwidth.
In the far future, when we remove RSA keys, we will want to have a file
that bans both RSA and ed25519 keys, to make the transition easier.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22029#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
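
A simplified illustration of the key-pinning check discussed in the comment above, added here as an example; it is not code from Tor or from the ticket. The function names, the string identities and the in-memory journal are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed illustration; all names here are hypothetical, not Tor's. */
#define MAX_PINS 64
#define ID_LEN 64

enum pin_result { PIN_ADDED, PIN_FOUND, PIN_MISMATCH, PIN_FULL, PIN_INVALID };
struct pin { char rsa[ID_LEN]; char ed[ID_LEN]; };
static struct pin journal[MAX_PINS];
static int n_pins = 0;

/* Check an (RSA, ed25519) identity pair against the journal.
 * A pair seen before is PIN_FOUND. If exactly one of the two keys is
 * already pinned, the relay changed one key and kept the other:
 * PIN_MISMATCH, and nothing is recorded. A fully new pair is recorded. */
enum pin_result pin_check_and_add(const char *rsa, const char *ed)
{
    if (strlen(rsa) >= ID_LEN || strlen(ed) >= ID_LEN) return PIN_INVALID;
    for (int i = 0; i < n_pins; i++) {
        int same_rsa = strcmp(journal[i].rsa, rsa) == 0;
        int same_ed = strcmp(journal[i].ed, ed) == 0;
        if (same_rsa && same_ed) return PIN_FOUND;
        if (same_rsa || same_ed) return PIN_MISMATCH;
    }
    if (n_pins == MAX_PINS) return PIN_FULL;
    strcpy(journal[n_pins].rsa, rsa);
    strcpy(journal[n_pins].ed, ed);
    n_pins++;
    return PIN_ADDED;
}

/* With enforcement off, a mismatch is noted but the relay is still voted
 * for; with enforcement on, a mismatch means no vote. */
int would_vote(const char *rsa, const char *ed, int enforce)
{
    enum pin_result r = pin_check_and_add(rsa, ed);
    if (r == PIN_MISMATCH && !enforce) return 1;
    return r == PIN_ADDED || r == PIN_FOUND;
}

int main(void)
{
    /* Constructed identities: same ed25519 key, RSA key rotated. */
    printf("first seen:        %d\n", would_vote("RSA-A", "ED-X", 1));
    printf("rotated, no pin:   %d\n", would_vote("RSA-B", "ED-X", 0));
    printf("rotated, enforced: %d\n", would_vote("RSA-B", "ED-X", 1));
    return 0;
}
```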