[tor-commits] [torspec/master] Note TLS link key size and digest change in prop220
nickm at torproject.org
nickm at torproject.org
Thu Sep 22 15:12:25 UTC 2016
commit b2e42644dc39abe6c4960346fd588d8dcd0ab650
Author: Nick Mathewson <nickm at torproject.org>
Date: Thu Sep 22 11:12:20 2016 -0400
Note TLS link key size and digest change in prop220
---
proposals/220-ecc-id-keys.txt | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/proposals/220-ecc-id-keys.txt b/proposals/220-ecc-id-keys.txt
index 7a21f20..dd063e8 100644
--- a/proposals/220-ecc-id-keys.txt
+++ b/proposals/220-ecc-id-keys.txt
@@ -670,3 +670,11 @@ A.5. Reserved numbers
6: TLS authentication key certified by Ed25519 signing key
7: RSA cross-certificate for Ed25519 identity key
+
+A.6. Related changes
+
+ As we merge this, proposal, we should also extend link key size to
+ 2048 bits, and use SHA256 as the x509 cert algorithm for our link
+ keys. This will improve link security, and deliver better
+ fingerprinting resistence. See proposal 179 for an older discussion
+ of this issue.
More information about the tor-commits
mailing list