[tor-dev] documentation for new offline master key functionality (--keygen is undocumented)

teor teor2345 at gmail.com
Mon Nov 16 00:59:58 UTC 2015

On 16 Nov 2015, at 04:51, nusenu <nusenu at openmailbox.org> wrote:

>>> Is the offline master key limited to ed25519 keys and useless
>>>> while using ed25519 + RSA keys at the same time? (because the RSA
>>>> key is not offline?)
>> Hmmm. Probably yes. Until transition (until we remove permanently RSA
>> identities) only the ed25519 key will be protected, RSA key will have
>> to be online. Even in this case, directory authorities remember relays
>> by their ed25519 + RSA pair of identities. If just one of them
>> changes, that relay will be rejected.
> Ok, so I guess the only reason to use offline master keys now is to not
> have to start from scratch once RSA keys are deprecated for real.

A compromised relay's RSA key can't be used to run another relay without the corresponding offline ed25519 key.
(I am assuming that an RSA key with a missing ed25519 key is treated the same as an RSA key with a different ed25519 key: the authorities reject the relay with the missing ed25519 key from the consensus.)

This is a good reason to use offline ed25519 master keys, which doesn't rely on RSA keys being deprecated/removed.

Tim (teor)
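The identity-pinning rule discussed in this thread, modelled as an added example (not Tor's own code): a directory authority remembers each relay by its (RSA identity, ed25519 identity) pair and rejects a relay whose pair no longer matches, including Tim's assumed case where a previously seen RSA identity shows up without its ed25519 key. The registry class, its method names, and the fingerprint strings are constructed for illustration; the handling of an RSA-only relay that later adds an ed25519 key is an assumption about the transition period, not something the thread states.

```python
"""Toy model of directory-authority identity pinning (added example, not Tor code).

Rule modelled from the thread: a relay is remembered by its (RSA identity,
ed25519 identity) pair; if either half changes, the relay is rejected.
Assumption from Tim's reply: an RSA identity that was pinned to an ed25519
key and now appears without one is rejected as well, so a stolen online RSA
key is useless without the offline ed25519 master key.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class IdentityRegistry:
    # RSA fingerprint -> pinned ed25519 identity (None = seen as RSA-only relay)
    by_rsa: Dict[str, Optional[str]] = field(default_factory=dict)
    # ed25519 identity -> RSA fingerprint it is bound to
    by_ed: Dict[str, str] = field(default_factory=dict)

    def check(self, rsa_fp: str, ed_id: Optional[str]) -> Tuple[bool, str]:
        """Decide whether a descriptor with this identity pair is accepted."""
        if rsa_fp in self.by_rsa:
            pinned = self.by_rsa[rsa_fp]
            if pinned is not None:
                # Pair is pinned: ed25519 key must match exactly (missing counts as changed).
                if ed_id != pinned:
                    return False, "ed25519 identity changed or missing for known RSA key"
                return True, "pair matches pinned identities"
            # Assumed transition case: RSA-only relay seen before, now adding ed25519.
            if ed_id is None:
                return True, "RSA-only relay, still RSA-only"
            if ed_id in self.by_ed and self.by_ed[ed_id] != rsa_fp:
                return False, "ed25519 identity already bound to another RSA key"
            self.by_rsa[rsa_fp] = ed_id
            self.by_ed[ed_id] = rsa_fp
            return True, "RSA-only relay upgraded to ed25519 pair"
        # RSA key never seen: refuse to let a known ed25519 key move to a new RSA key.
        if ed_id is not None and ed_id in self.by_ed:
            return False, "ed25519 identity already bound to another RSA key"
        self.by_rsa[rsa_fp] = ed_id
        if ed_id is not None:
            self.by_ed[ed_id] = rsa_fp
        return True, "new relay pinned"


def run_scenario() -> List[bool]:
    """Replay a constructed sequence of descriptors; returns accept/reject per step."""
    reg = IdentityRegistry()
    steps = [
        ("RSA_A", "ED_A"),   # new relay with both identities
        ("RSA_A", "ED_A"),   # same relay again
        ("RSA_A", "ED_B"),   # ed25519 key changed
        ("RSA_A", None),     # RSA key without the offline ed25519 key
        ("RSA_C", "ED_A"),   # ed25519 key reused with a different RSA key
        ("RSA_D", None),     # legacy RSA-only relay (assumed transition case)
        ("RSA_D", "ED_D"),   # that relay adds an ed25519 identity
        ("RSA_D", None),     # and can no longer drop it
    ]
    results = []
    for rsa_fp, ed_id in steps:
        ok, why = reg.check(rsa_fp, ed_id)
        print(f"{rsa_fp:6} {str(ed_id):5} -> {'accept' if ok else 'reject'}: {why}")
        results.append(ok)
    return results


if __name__ == "__main__":
    run_scenario()
```

The fourth step is the one Tim's argument rests on: once an RSA identity has been pinned together with an ed25519 identity, presenting the RSA key alone is rejected, so holding only the online RSA key is not enough to stand up a relay under that identity.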
