Re: [tor-dev] OfflineMasterKey / ansible-relayor

2015-11-19 Thread nusenu
> Some suggestions: > > - don't copy the ed25519_master_id_public_key file. If it is missing, > Tor will just compute it from the certificate and save it to disk. > But, if by accident an user copies the medium term signing keys > related to another relay, Tor will detect they don't match the >

Re: [tor-dev] Just releasted : haskell-tor

2015-11-19 Thread meejah
Nik Kinkel writes: > Python+Twisted: https://github.com/nskinkel/oppy Great, thanks! I suggest filling out the "description" on your repo, as that's all GitHub shows when you're browsing your list of starred repositories (and nothing in "oppy" grabbed me as "tor

Re: [tor-dev] DoS resistance for Next-Generation Onion Services

2015-11-19 Thread Tim Wilson-Brown - teor
Hi George, Please see below for a spec patch covering this email thread and various issues discussed on Trac and tor-dev@ > On 20 Nov 2015, at 00:13, George Kadianakis wrote: > > Tim Wilson-Brown - teor > > writes: > >> Hi

Re: [tor-dev] DoS resistance for Next-Generation Onion Services

2015-11-19 Thread Tim Wilson-Brown - teor
> On 20 Nov 2015, at 12:21, Tim Wilson-Brown - teor wrote: > > ... > > A full list of changes is: > ... > * randomise revision-counter to avoid information leaks > … I just pushed a fixup to this commit: the revision-counter requires a minimum increment of 1 (not 0).

Re: [tor-dev] Shared random value calculation edge cases (proposal 250)

2015-11-19 Thread George Kadianakis
David Goulet writes: > On 19 Nov (14:30:47), Jacob Appelbaum wrote: >> Hi George, >> >> On 11/12/15, George Kadianakis wrote: >> > Hello there believers of prop250, >> > >> > you can find the latest version of the proposal in the upstream torpec >> >

Re: [tor-dev] Shared random value calculation edge cases (proposal 250)

2015-11-19 Thread David Goulet
On 19 Nov (14:30:47), Jacob Appelbaum wrote: > Hi George, > > On 11/12/15, George Kadianakis wrote: > > Hello there believers of prop250, > > > > you can find the latest version of the proposal in the upstream torpec > > repo: > > > >

Re: [tor-dev] Just releasted : haskell-tor

2015-11-19 Thread Jessica Frazelle
I'm trying out this as a unikernel, super cool. On Thu, Nov 19, 2015 at 2:31 AM -0800, "grarpamp" wrote: On Wed, Nov 18, 2015 at 2:25 PM, grarpamp wrote: > What other implementations of Tor (with links) are out there > besides mainline? I could wiki them.

Re: [tor-dev] displaying an ed25519 signing key's expiry date

2015-11-19 Thread nusenu
>> How can a tor relay op display a given signing key's expiry date? >> > > I don't think there is an option for this. filed a ticket for it: https://trac.torproject.org/projects/tor/ticket/17639 Is there a custom openssl command to display the expiry date until this gets implemented in tor?

Re: [tor-dev] documentation for new offline master key functionality (--keygen is undocumented)

2015-11-19 Thread nusenu
Is the offline master key limited to ed25519 keys and useless > while using ed25519 + RSA keys at the same time? (because the > RSA key is not offline?) >>> Hmmm. Probably yes. Until transition (until we remove permanently >>> RSA identities) only the ed25519 key will be protected,

Re: [tor-dev] documentation for new offline master key functionality (--keygen is undocumented)

2015-11-19 Thread nusenu
>>> Does a tor operator have to SIGHUP a running tor instance after >>> copying the new signing keys to the appropriate folder or will tor >>> attempt to reload that file as soon as this signing key expires? >> Yes. > > Yes, HUP? reference:

Re: [tor-dev] displaying an ed25519 signing key's expiry date

2015-11-19 Thread Yawning Angel
On Thu, 19 Nov 2015 11:42:16 + nusenu wrote: > >> How can a tor relay op display a given signing key's expiry date? > >> > > > I don't think there is an option for this. > > filed a ticket for it: > https://trac.torproject.org/projects/tor/ticket/17639 > > >

Re: [tor-dev] Just releasted : haskell-tor

2015-11-19 Thread grarpamp
On Wed, Nov 18, 2015 at 2:25 PM, grarpamp wrote: > What other implementations of Tor (with links) are out there > besides mainline? I could wiki them. https://trac.torproject.org/projects/tor/wiki/doc/ListOfTorImplementations It's currently an orphan, someone with privs can

Re: [tor-dev] displaying an ed25519 signing key's expiry date

2015-11-19 Thread nusenu
How can a tor relay op display a given signing key's expiry date? > >>> I don't think there is an option for this. >> >> filed a ticket for it: >> https://trac.torproject.org/projects/tor/ticket/17639 >> >> >> Is there a custom openssl command to display the expiry date until >>

Re: [tor-dev] OfflineMasterKey / ansible-relayor

2015-11-19 Thread nusenu
>> I copy/expose the following files to the relay: >> > >> > [ 'ed25519_master_id_public_key', 'ed25519_signing_cert', >> > 'ed25519_signing_secret_key', 'secret_id_key', 'secret_onion_key', >> > 'secret_onion_key_ntor'] >> > >> > > When first setting up (new relay) or restoring the relay,

Re: [tor-dev] OfflineMasterKey / ansible-relayor

2015-11-19 Thread s7r
On 11/19/2015 12:19 AM, nusenu wrote: >> background: I might want to integrate offline master key >> functionality into ansible-relayor [1]. > > I added (preliminary) OfflineMasterKey support to ansible-relayor > [1] - in fact it will become the

Re: [tor-dev] DoS resistance for Next-Generation Onion Services

2015-11-19 Thread George Kadianakis
Tim Wilson-Brown - teor writes: > Hi All, > > prop224 salts the encrypted portion of each descriptor with a random value. > If we use the same "salt" for every replica/spread, the encrypted portions of > the descriptor will be identical. > (In the spec, it looks like the

Re: [tor-dev] Just releasted : haskell-tor

2015-11-19 Thread Nik Kinkel
On 11/18/2015 10:18 PM, meejah wrote: > grarpamp writes: > >> What other implementations of Tor (with links) are out there >> besides mainline? I could wiki them. > > There's this, in "python + Scapy": >https://github.com/cea-sec/TorPylle > > ...and, based on the

Re: [tor-dev] Shared random value calculation edge cases (proposal 250)

2015-11-19 Thread George Kadianakis
s7r writes: > Hello, > > Saw the content of this section in master was corrected, yet the > subtitle is a little confusing: > > 4.1.6. Including the ed25519 shared randomness key in votes [SRKEY] > > From the content of this section I understand that we are going to > include the