[tor-dev] OfflineMasterKey / ansible-relayor

[nusenu]

>> I copy/expose the following files to the relay:
>> > 
>> > [ 'ed25519_master_id_public_key', 'ed25519_signing_cert', 
>> > 'ed25519_signing_secret_key', 'secret_id_key', 'secret_onion_key', 
>> > 'secret_onion_key_ntor']
>> > 
>> > 
> When first setting up (new relay) or restoring the relay, yes. But
> when only renewing the ed25519 medium term signing key (if
> ansible-relayor will support this) you only need to copy/expose the
> following files to the relay:
> 
> ed25519_signing_cert, ed25519_signing_secret_key
> 
> If you also move secret_onion_key and secret_onion_key_ntor, it could
> mess Tor's internal automated key rotation, and the descriptors
> available to clients might become invalid, making it impossible for
> clients to extend circuits through this relay. That's why Tor keeps a
> .old version of these keys when rotating, so clients with older
> descriptors won't experience circuit failures when using this relay.
> 
> To detect this, either the user will let ansible-relayor know if he is
> setting up a new relay / restoring a relay or just renewing the
> ed25519 keys for a running relay, either read Tor's
> $datadirectory/keys folder and if secret_id_key exists, assume the latter.

thanks for the feedback!

Are secret_onion_* files required at all when restoring a relay?
(it doesn't look like it)

If you confirm that I would simply remove them from the list and never
copy them over.

remaining with these files:

ed25519_master_id_public_key
ed25519_signing_cert
ed25519_signing_secret_key
secret_id_key

(tor's manual page FILES section is not very verbose in that regard -
unfortunately)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20151119/c82bc526/attachment.sig>