[tor-bugs] #25203 [Core Tor/Tor]: document max. value of SigningKeyLifetime
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Feb 10 09:50:56 UTC 2018
#25203: document max. value of SigningKeyLifetime
------------------------------+--------------------------------
Reporter: cypherpunks | Owner: (none)
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Minor | Keywords: easy, tor-doc
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------------------
tor's manpage says:
> SigningKeyLifetime N days|weeks|months
> For how long should each Ed25519 signing key be valid? Tor uses a
permanent master identity key that can be kept
> offline, and periodically generates new "signing" keys that it uses
online. This option configures their lifetime.
> (Default: 30 days)
It does not include information about what is the biggest acceptable
value. Tor simply fails to start if the given value is to big:
{{{
[warn] Interval 'XX months' is too long
[warn] Failed to parse/validate config: Interval 'SigningKeyLifetime XX
months' is malformed or out of bounds.
}}}
Please also mention if there is a value for SigningKeyLifetime where it is
actually less safe than running in non-OfflineMasterKey mode (maybe it is
less safe to set it to 10y in OfflineMasterKey mode than to run in non-
OfflineMasterKey mode?) and if it makes any sense to modify this value in
non-OfflineMasterKey mode (because that is apparently possible).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25203>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list