[tor-dev] documentation for new offline master key functionality (--keygen is undocumented)

nusenu nusenu at openmailbox.org
Thu Nov 19 12:06:28 UTC 2015

>>>> Is the offline master key limited to ed25519 keys and useless
>>>>> while using ed25519 + RSA keys at the same time? (because the
>>>>> RSA key is not offline?)
>>> Hmmm. Probably yes. Until transition (until we remove permanently
>>> RSA identities) only the ed25519 key will be protected, RSA key
>>> will have to be online. Even in this case, directory authorities
>>> remember relays by their ed25519 + RSA pair of identities. If
>>> just one of them changes, that relay will be rejected.
>> Ok, so I guess the only reason to use offline master keys now is to
>> not have to start from scratch once RSA keys are deprecated for
>> real.
> A compromised relay's RSA key can't be used to run another relay
> without the corresponding offline ed25519 key. (I am assuming that a
> RSA key with a missing ed25519 key is treated the same as a RSA key
> with a different ed25519 key: the authorities reject the relay with
> the missing ed25519 key from the consensus.)
> This is a good reason to use offline ed25519 master keys, which
> doesn't relay on RSA keys being deprecated/removed.

According to tor's changelog, key pinning is not enforced currently
(changelog of


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20151119/e25e11f6/attachment.sig>

More information about the tor-dev mailing list