[tor-relays] switching to OfflineMasterKey mode
teor
teor at riseup.net
Wed Aug 29 00:41:40 UTC 2018
> On 29 Aug 2018, at 05:38, nusenu <nusenu-lists at riseup.net> wrote:
>
> Signed PGP part
>
>
> Nathaniel Suchy:
>> Is there a way to switch my current relays to use offline keys and
>> invalidate the old keys without losing current stats?
>
> you can switch between the modes (OfflineMasterKey 0|1) but to get the best out of it,
> it is best to start with fresh masterkeys that never touched an online
> system
>
> (that means, creating a new set of keys and loosing the "history"/reputation of the relay)
To be clear:
You must create a new ed25519 key *and* a new RSA key.
If you only change one, the directory authorities will drop your relay
from the consensus. (This "key-pinning" is a security feature.)
T
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180829/26fcbe7e/attachment.sig>
More information about the tor-relays
mailing list