[tor-talk] RSA identity keys

grarpamp grarpamp at gmail.com
Thu Sep 1 21:46:41 UTC 2011


>> Various other tools can utilize them for sign
>> and encrypt. A number of useful scenarious
>> can be envisioned.

> other stuff as well, and the two uses opened up attack vectors.

I didn't mean to suggest full general purpose use of these keys.
Minimally, users just need to be able to securely sign arbitrary things...

[> What would be much safer here would be to bootstrap trust from]
[> your Tor ID key to some other key]

>> But I can't put a passphrase on them

...which wouldn't be very secure for the general userbase. And
would yield easier unauthorized reassignment of that trust into
the downstream space.

> Much easier and possibly safer IMO is to look into a delegation
> mechanism, where identity keys are never actually loaded by Tor,
> and can be stored offline.

Well, then it's likely looking at some sort of agent/protocol involving
the controller. Managing that type of connection would be a pretty
advanced topic for the general user/operator.

Didn't think of the additional win of the optional passphrase effectively
securing the published descriptor params/config.


More information about the tor-talk mailing list