[tor-talk] RSA identity keys
nickm at alum.mit.edu
Thu Sep 1 20:18:03 UTC 2011
On Wed, Aug 31, 2011 at 6:03 AM, grarpamp <grarpamp at gmail.com> wrote:
> Tor routers and hidden services use these.
> Various other tools can utilize them for sign
> and encrypt. A number of useful scenarious
> can be envisioned.
Hm. I'm not too fond of the idea of using Tor keys for other stuff
too: there are historically a lot of attacks that have been opened up
when a key that used to be single-purpose started getting used for
other stuff as well, and the two uses opened up attack vectors.
What would be much safer here would be to bootstrap trust from your
Tor ID key to some other key -- for example, by including a gpg key in
your contactinfo. If there's a good use for it, we could probably
come up with more well-specified ways to do that.
> But I can't put a passphrase on them
> because I've no way to start Tor if
> they have a passphrase set.
> Also, without a passphrase, they are more
> prone to undesired use if copies are obtained.
> Can some future version of Tor be made to
> deal with that using the usual sources
> of passphrase... stdin, pathname, descriptor,
> environment? Ala: apache and certs, ssh-agent, etc.
Sounds like a fine thing to me, especially if somebody wants to code
it. It shouldn't be too hard to do, though doing it _right_ would
probably take a lot more effort.
Much easier and possibly safer IMO is to look into a delegation
mechanism, where identity keys are never actually loaded by Tor, and
can be stored offline. You'd only use them to sign shorter-term
signing keys, which would be the ones that Tor loaded. Authorities
already have this; there would be some migration issues involved in
doing it for routers, but it's definitely worth thinking about if
anybody can come up with a good design that doesn't break backward
More information about the tor-talk