>> Various other tools can utilize them for sign
>> and encrypt. A number of useful scenarios
>> can be envisioned.
> other stuff as well, and the two uses opened up attack vectors.

I didn't mean to suggest full general purpose use of these keys.
Minimally, users just need to be able to securely sign arbitrary
things...

[> What would be much safer here would be to bootstrap trust from]
[> your Tor ID key to some other key]
>> But I can't put a passphrase on them

...which wouldn't be very secure for the general userbase. And
would yield easier unauthorized reassignment of that trust into
the downstream space.

> Much easier and possibly safer IMO is to look into a delegation
> mechanism, where identity keys are never actually loaded by Tor,
> and can be stored offline.

Well, then it's likely looking at some sort of agent/protocol
involving the controller. Managing that type of connection would
be a pretty advanced topic for the general user/operator.

Didn't think of the additional win of the optional passphrase
effectively securing the published descriptor params/config.