-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/28/2015 2:26 PM, nusenu wrote:
> The important info for me here is: How is "about to expire"
> defined? x days before expiry or
I think 24 hours before expiry.
> 80% of its lifetime is over?
No.
> Can it be configured?
No. This would not
(thread split from [1])
s7r wrote:
> - - when you run tor --orport [...] just to generate the keys in a
> non-interactive way, include a PublishServerDescriptor 0 in the
> command as well, send the log to /dev/null and terminate the process
> immediately. The descriptor will have to be published
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/28/2015 1:48 PM, nusenu wrote:
> (thread split from [1])
>
> reproducer: mkdir tdata tor --PublishServerDescriptor 0 --orport
> 1234 --datadirectory tdata --list-fingerprint --quiet
>
> (new signing key with default expiry created)
>
>
> I think [2] is the wrong link? There's nothing about this in there.
thanks for pointing that out, correct URL:
https://trac.torproject.org/projects/tor/ticket/17603
> I think this is expected and correct behavior.
>
> If medium term signing key exists, and is sufficiently valid in the
>
s7r:
> On 11/28/2015 2:26 PM, nusenu wrote:
>> > The important info for me here is: How is "about to expire"
>> > defined? x days before expiry or
> I think 24 hours before expiry.
After trying this in practice I can confirm that tor renewed the signing
key after it entered a timewindow not
> I have actually tried this in practice to see what happens.
>
> If you replace the ed25519 medium term singing key and certificate in
> $datadirectory/keys, Tor will re-read keys from disk even if you don't
> send a SIGHUP when it outputs:
>
> [notice] It looks like I should try to generate
the 'problem' solved itself
(tor does not need HUP when it's keyfile changed)
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Hi,
I'm wondering if a service like a future tor weather could have an
additional check to warn relay ops about key expiry:
(something like "Email me when the router's signing key is about to
expire")
Do relays disclose the fact that they are run via OfflineMasterKey 1?
Do dir auths/tor clients
On Fri, Nov 20, 2015 at 05:50:51PM -0600, Tom Ritter wrote:
> On 18 November 2015 at 16:32, David Fifield wrote:
> > There was an unfortunate outage of meek-amazon (not the result of
> > censorship, just operations failure). Between 30 September and 9 October
> > the bridge