[tor-dev] Let's identify which measurement-related tools need work when relays switch from RSA identities to ed25519 identities

Karsten Loesing karsten at torproject.org
Sun Sep 13 14:20:25 UTC 2015

Hash: SHA1

On 08/09/15 18:16, Damian Johnson wrote:
>>> Hi Karsten. Quick question: with the switchover are relay
>>> fingerprints going away? That is to say, server descriptors no
>>> longer have a...
>>> fingerprint D203 4DDF 1275 A234 4F66 9935 A3EF B908 FFC7 AE9A
>>> ... line, and router status entries don't have it on their
>>> dir-source?
> If not, what in particular are being dropped?
>>> Cheers! -Damian
>> yes, I think that's the plan.  Please see proposal 220, Sections
>> 8 and 9 for some more details.
> Thanks Karsten. Now that I know this isn't a completely foolish 
> question adding tor-dev@ back in.
> If we're dropping the fingerprint that's a lot more invasive. 
> Fingerprints are relay's canonical identity, and simply dropping
> them will break... a lot. I'd suggest instead relays should
> continue to have a fingerprint but that it's the 40 character hex
> hash of the ed25519 identity.

It's true, dropping the fingerprint is quite invasive and might break
things.  But that's why we're making plans now to make this transition
as smooth as possible.

However, I don't think that we can get away by just replacing the
existing 20 byte long RSA key digest with a 20 byte long hash of the
new, 32 byte long ed25519 key.  There are probably cryptographic
reasons for that.  But in addition to that, there should be a time
when relays use both fingerprints in parallel so that directory
authorities and other tools can build a map from old to new
identities.  Otherwise, relays would lose all their history only
because they are switching from RSA to ed25519, and wouldn't that be
sad?  There might be more reasons that I'm currently not thinking of.
 But: I'm not making this call, I'm just thinking about the possible
impact of this change and which code needs to be updated.

How about we talk more about this in Berlin together with Nick?  Maybe
take a look at the list I wrote and think of other code that will need
work when this change actually takes place?

All the best,

> On a side note it would be nice to have a spec patch before
> changing things this time. Sections 8 and 9 are a fine summary, but
> it's not clear to me precisely how the descriptors are changing
> from it. They certainly don't say to me "we're dropping the
> fingerprint field". If that change went out without a spec patch
> first I'd borrow Mr. Potato Head's angry eyes to stare at its
> author.
> Cheers! -Damian _______________________________________________ 
> tor-dev mailing list tor-dev at lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org


More information about the tor-dev mailing list