-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/28/2015 2:26 PM, nusenu wrote:
> The important info for me here is: How is "about to expire"
> defined? x days before expiry or
I think 24 hours before expiry.
> 80% of its lifetime is over?
No.
> Can it be configured?
No. This would not
(thread split from [1])
s7r wrote:
> - - when you run tor --orport [...] just to generate the keys in a
> non-interactive way, include a PublishServerDescriptor 0 in the
> command as well, send the log to /dev/null and terminate the process
> immediately. The descriptor will have to be published
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/28/2015 1:48 PM, nusenu wrote:
> (thread split from [1])
>
> reproducer: mkdir tdata tor --PublishServerDescriptor 0 --orport
> 1234 --datadirectory tdata --list-fingerprint --quiet
>
> (new signing key with default expiry created)
>
>
> I think [2] is the wrong link? There's nothing about this in there.
thanks for pointing that out, correct URL:
https://trac.torproject.org/projects/tor/ticket/17603
> I think this is expected and correct behavior.
>
> If medium term signing key exists, and is sufficiently valid in the
>
s7r:
> On 11/28/2015 2:26 PM, nusenu wrote:
>> > The important info for me here is: How is "about to expire"
>> > defined? x days before expiry or
> I think 24 hours before expiry.
After trying this in practice I can confirm that tor renewed the signing
key after it entered a timewindow not