On Wed, Aug 31, 2011 at 6:03 AM, grarpamp <grarp...@gmail.com> wrote:
> Tor routers and hidden services use these.
>
> Various other tools can utilize them for sign
> and encrypt. A number of useful scenarios
> can be envisioned.

Hm. I'm not too fond of the idea of using Tor keys for other stuff too: there are historically a lot of attacks that have been opened up when a key that used to be single-purpose started getting used for other stuff as well, and the two uses opened up attack vectors.

What would be much safer here would be to bootstrap trust from your Tor ID key to some other key -- for example, by including a gpg key in your contactinfo. If there's a good use for it, we could probably come up with more well-specified ways to do that.

> But I can't put a passphrase on them
> because I've no way to start Tor if
> they have a passphrase set.
>
> Also, without a passphrase, they are more
> prone to undesired use if copies are obtained.
>
> Can some future version of Tor be made to
> deal with that using the usual sources
> of passphrase... stdin, pathname, descriptor,
> environment? Ala: apache and certs, ssh-agent, etc.

Sounds like a fine thing to me, especially if somebody wants to code it. It shouldn't be too hard to do, though doing it _right_ would probably take a lot more effort.

Much easier and possibly safer IMO is to look into a delegation mechanism, where identity keys are never actually loaded by Tor, and can be stored offline. You'd only use them to sign shorter-term signing keys, which would be the ones that Tor loaded. Authorities already have this; there would be some migration issues involved in doing it for routers, but it's definitely worth thinking about if anybody can come up with a good design that doesn't break backward compatibility.

yrs,
--
Nick

_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
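
The delegation idea in the reply above, sketched as an added example that is not part of the original message and is not Tor's code: an identity key that stays offline signs a certificate for a short-term signing key, and a verifier accepts only messages whose chain leads back to the identity key. The use of Ed25519, the certificate layout, and every name here (Cert, Delegate, Verify, Scenario) are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Cert binds a short-term signing key to the offline identity key (hypothetical layout).
type Cert struct {
	SigningPub ed25519.PublicKey
	Expires    int64  // Unix seconds
	Sig        []byte // identity-key signature over certBody
}
// certBody is the domain-separated byte string the identity key signs.
func certBody(pub ed25519.PublicKey, expires int64) []byte {
	return []byte(fmt.Sprintf("example-signing-cert-v1:%x:%d", pub, expires))
}

// Delegate runs offline: the only place the identity private key is loaded.
func Delegate(idPriv ed25519.PrivateKey, pub ed25519.PublicKey, expires time.Time) Cert {
	return Cert{pub, expires.Unix(), ed25519.Sign(idPriv, certBody(pub, expires.Unix()))}
}

// Verify accepts msg only if the identity key vouches for an unexpired signing key.
func Verify(idPub ed25519.PublicKey, c Cert, msg, sig []byte, now time.Time) error {
	if len(c.SigningPub) != ed25519.PublicKeySize || !ed25519.Verify(idPub, certBody(c.SigningPub, c.Expires), c.Sig) {
		return errors.New("certificate not signed by identity key")
	}
	if now.Unix() >= c.Expires {
		return errors.New("signing key certificate expired")
	}
	if !ed25519.Verify(c.SigningPub, msg, sig) {
		return errors.New("message not signed by certified key")
	}
	return nil
}

// Scenario (constructed keys): valid chain, expired cert, cert minted by the online key itself.
func Scenario() (valid, expired, selfSigned error) {
	idPub, idPriv, _ := ed25519.GenerateKey(nil) // identity key, kept offline
	sPub, sPriv, _ := ed25519.GenerateKey(nil)   // short-term key the daemon loads
	now, msg := time.Unix(1700000000, 0), []byte("constructed descriptor")
	cert, sig := Delegate(idPriv, sPub, now.Add(30*24*time.Hour)), ed25519.Sign(sPriv, msg)
	return Verify(idPub, cert, msg, sig, now),
		Verify(idPub, cert, msg, sig, now.Add(31*24*time.Hour)),
		Verify(idPub, Delegate(sPriv, sPub, now.Add(365*24*time.Hour)), msg, sig, now)
}
func main() { fmt.Println(Scenario()) }
```

The third case shows the property the delegation buys: a copy of the online signing key is useful only until its certificate expires, because that key cannot issue itself a new one.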