[tor-dev] tor ignores --SigningKeyLifetime when keys exist
s7r at sky-ip.org
Sat Nov 28 12:48:54 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
On 11/28/2015 2:26 PM, nusenu wrote:
> The important info for me here is: How is "about to expire"
> defined? x days before expiry or
I think 24 hours before expiry.
> 80% of its lifetime is over?
> Can it be configured?
No. This would not be helpful - complicating the already complicated
code for this feature which wouldn't solve/fix or make anything
> yes that is correct. So for the workaround of the workaround I
> will simply invoke tor twice. First time without --keygen for key
> generation, then with --keygen for signing key renewal.
> thanks for the quick reply.
Hey, welcome :)
That sounds good to me.
Yeah, we built it with a logic that will work for all types of
operators, people with less experience with Tor and can easily make
mistakes, misconfigurations, etc. Advanced users like you who code
scripts can always find workarounds.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
-----END PGP SIGNATURE-----
More information about the tor-dev