[tor-commits] [torspec/master] Merge prop274; mark it closed.

nickm at torproject.org nickm at torproject.org
Tue May 16 13:33:24 UTC 2017 

commit 78636a3911b2db96ff80194d1309f72acf66fd59
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue May 16 09:33:21 2017 -0400

    Merge prop274; mark it closed.
---
 dir-spec.txt                             | 11 +++++++++++
 proposals/000-index.txt                  |  4 ++--
 proposals/274-rotate-onion-keys-less.txt |  2 +-
 tor-spec.txt                             | 10 ++++++----
 4 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/dir-spec.txt b/dir-spec.txt
index d6ad9d8..4c842e8 100644
--- a/dir-spec.txt
+++ b/dir-spec.txt
@@ -1911,6 +1911,17 @@
         client should no longer try to find a diff for it.  (min 0,
         max 8192, default 72)
 
+        onion key lifetime parameters:
+            "onion-key-rotation-days" -- (min 1, max 90, default 28)
+            "onion-key-grace-period-days" -- (min 1, max
+                                 onion-key-rotation-days, default 7)
+        Every relay should list each onion key it generates for
+        onion-key-rotation-days days after generating it, and then
+        replace it.  Relays should continue to accept their most recent
+        previous onion key for an additional onion-key-grace-period-days
+        days after it is replaced.  (Introduced in 0.3.1.1-alpha;
+        prior versions of tor hardcoded both of these values to 7 days.)
+
     "shared-rand-previous-value" SP NumReveals SP Value NL
 
         [At most once]
diff --git a/proposals/000-index.txt b/proposals/000-index.txt
index bba6534..57392e4 100644
--- a/proposals/000-index.txt
+++ b/proposals/000-index.txt
@@ -194,7 +194,7 @@ Proposals by number:
 271  Another algorithm for guard selection [CLOSED]
 272  Listed routers should be Valid, Running, and treated as such [CLOSED]
 273  Exit relay pinning for web services [DRAFT]
-274  Rotate onion keys less frequently [FINISHED]
+274  Rotate onion keys less frequently [CLOSED]
 275  Stop including meaningful "published" time in microdescriptor consensus [OPEN]
 276  Report bandwidth with lower granularity in consensus documents [OPEN]
 277  Detect multiple relay instances running with same ID [OPEN]
@@ -280,7 +280,6 @@ Proposals by status:
    232  Pluggable Transport through SOCKS proxy [in 0.2.6]
    244  Use RFC5705 Key Exporting in our AUTHENTICATE calls [in 0.3.0.1-alpha]
    260  Rendezvous Single Onion Services [in 0.2.9.3-alpha]
-   274  Rotate onion keys less frequently [in 0.3.1.1-alpha]
    278  Directory Compression Scheme Negotiation [in 0.3.1.1-alpha]
  CLOSED:
    101  Voting on the Tor Directory System [in 0.2.0.x]
@@ -351,6 +350,7 @@ Proposals by status:
    264  Putting version numbers on the Tor subprotocols [in 0.2.9.4-alpha]
    271  Another algorithm for guard selection [in 0.3.0.1-alpha]
    272  Listed routers should be Valid, Running, and treated as such [in 0.2.9.3-alpha, 0.2.9.4-alpha]
+   274  Rotate onion keys less frequently [in 0.3.1.1-alpha]
  SUPERSEDED:
    112  Bring Back Pathlen Coin Weight
    113  Simplifying directory authority administration
diff --git a/proposals/274-rotate-onion-keys-less.txt b/proposals/274-rotate-onion-keys-less.txt
index 7c17873..d3a962a 100644
--- a/proposals/274-rotate-onion-keys-less.txt
+++ b/proposals/274-rotate-onion-keys-less.txt
@@ -2,7 +2,7 @@ Filename: 274-rotate-onion-keys-less.txt
 Title: Rotate onion keys less frequently.
 Author: Nick Mathewson
 Created: 20-Feb-2017
-Status: Finished
+Status: Closed
 Implemented-In: 0.3.1.1-alpha
 
 1. Overview
diff --git a/tor-spec.txt b/tor-spec.txt
index fdb8535..f61e98f 100644
--- a/tor-spec.txt
+++ b/tor-spec.txt
@@ -147,9 +147,10 @@ see tor-design.pdf.
     - A long-term signing-only "Identity key" used to sign documents and
       certificates, and used to establish relay identity.
     - A medium-term TAP "Onion key" used to decrypt onion skins when accepting
-      circuit extend attempts.  (See 5.1.)  Old keys MUST be accepted for at
-      least one week after they are no longer advertised.  Because of this,
-      relays MUST retain old keys for a while after they're rotated.
+      circuit extend attempts.  (See 5.1.)  Old keys MUST be accepted for a
+      while after they are no longer advertised.  Because of this,
+      relays MUST retain old keys for a while after they're rotated.  (See
+      "onion key lifetime parameters" in dir-spec.txt.)
     - A short-term "Connection key" used to negotiate TLS connections.
       Tor implementations MAY rotate this key as often as they like, and
       SHOULD rotate this key at least once a day.
@@ -160,7 +161,8 @@ see tor-design.pdf.
       accepting incoming circuit extend requests.  As with TAP onion keys,
       old ntor keys MUST be accepted for at least one week after they are no
       longer advertised.  Because of this, relays MUST retain old keys for a
-      while after they're rotated.
+      while after they're rotated. (See "onion key lifetime parameters" in
+      dir-spec.txt.)
 
    These are Ed25519 keys:

More information about the tor-commits mailing list