On Sun, Oct 27, 2013 at 11:15 PM, Gregory Maxwell <[email protected]> wrote: > It also raises the point that perhaps future Tor HS should also > support delegation > so that the HS master identity key could be kept offline. E.g. you > have a HS identity > key, and it delegates to a short term HS key which has a lifetime of > only 1 month,
I think I posted or ticketed along these lines a year or two ago. The node keys were RSA so there was definitely utility in signing assertions or encrypting things with them. Problem was - tor didn't support passphrased keys at startup - keys were then exposed to the world on a clone box - they were only 1024 bit... most are moving to 2k/4k now. - those same node keys were also the top of the chain as far as tor knew about them. so you couldn't really have an integrated offline ca/signature/gen scheme in place above them that would effectively do anything as far as tor cared. - I didn't actually get to testing keyops with them yet, particularly to see if a sig/assert [self or other] on a pubkey was possible, and then would make it to and be preserved by the dirs. The concept died out largely for former reasons. > and perhaps has some kind of priority scheme such that a key with a higher > sequence number takes precedence. E.g. if someone compromises your key you can > instantly throw up a new service which people will connect to instead... I think freenet has sequence numbers of some sort. > If your HS (bastion) host is compromised you wouldn't completely lose > control of your HS identity. > > Might even be useful to pre-define a maximum sequence number such that > an announcement with > that sequence number blocks access. > So if your site is compromised > you can announce a pre-signed HS revocation which forever kills the > address so long as someone keeps periodically rebroadcasting it to Yes, right now you're screwed. Though I think a downloadable revocation crl would be better than forcing the former owner to stay online forever. > RPs. Directories >> a standardized OID or is widely supported in X.509 implementations - e.g., >> Curve25519. Thought there was an OID thread on one of the crypto lists this month. It may have been a joke though, I didn't read it closely. -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
