Re: [tor-dev] tor ignores --SigningKeyLifetime when keys exist

2015-11-28 Thread s7r
On 11/28/2015 2:26 PM, nusenu wrote: > The important info for me here is: How is "about to expire" > defined? x days before expiry or I think 24 hours before expiry. > 80% of its lifetime is over? No. > Can it be configured? No. This would not

[tor-dev] tor ignores --SigningKeyLifetime when keys exist

2015-11-28 Thread nusenu
(thread split from [1]) s7r wrote: > - - when you run tor --orport [...] just to generate the keys in a > non-interactive way, include a PublishServerDescriptor 0 in the > command as well, send the log to /dev/null and terminate the process > immediately. The descriptor will have to be published

Re: [tor-dev] tor ignores --SigningKeyLifetime when keys exist

2015-11-28 Thread s7r
On 11/28/2015 1:48 PM, nusenu wrote: > (thread split from [1]) > > reproducer: mkdir tdata tor --PublishServerDescriptor 0 --orport > 1234 --datadirectory tdata --list-fingerprint --quiet > > (new signing key with default expiry created) > >

Re: [tor-dev] tor ignores --SigningKeyLifetime when keys exist

2015-11-28 Thread nusenu
> I think [2] is the wrong link? There's nothing about this in there. thanks for pointing that out, correct URL: https://trac.torproject.org/projects/tor/ticket/17603 > I think this is expected and correct behavior. > > If medium term signing key exists, and is sufficiently valid in the >

Re: [tor-dev] tor ignores --SigningKeyLifetime when keys exist

2015-11-28 Thread nusenu
s7r: > On 11/28/2015 2:26 PM, nusenu wrote: >> > The important info for me here is: How is "about to expire" >> > defined? x days before expiry or > I think 24 hours before expiry. After trying this in practice I can confirm that tor renewed the signing key after it entered a time window not

Re: [tor-dev] documentation for new offline master key functionality (--keygen is undocumented)

2015-11-28 Thread nusenu
> I have actually tried this in practice to see what happens. > > If you replace the ed25519 medium term signing key and certificate in > $datadirectory/keys, Tor will re-read keys from disk even if you don't > send a SIGHUP when it outputs: > > [notice] It looks like I should try to generate

Re: [tor-dev] does renewing ed25519 signing key hurt if done to often?

2015-11-28 Thread nusenu
the 'problem' solved itself (tor does not need HUP when its keyfile changed)

[tor-dev] tor weather warning tor ops about expiring signing keys?

2015-11-28 Thread nusenu
Hi, I'm wondering if a service like a future tor weather could have an additional check to warn relay ops about key expiry: (something like "Email me when the router's signing key is about to expire") Do relays disclose the fact that they are run via OfflineMasterKey 1? Do dir auths/tor clients

Re: [tor-dev] Summary of meek's costs, October 2015

2015-11-28 Thread David Fifield
On Fri, Nov 20, 2015 at 05:50:51PM -0600, Tom Ritter wrote: > On 18 November 2015 at 16:32, David Fifield wrote: > > There was an unfortunate outage of meek-amazon (not the result of > > censorship, just operations failure). Between 30 September and 9 October > > the bridge