#22498: Offline directory authorities need a way to post their certificate to other authorities
------------------------------+----------------------------------------
     Reporter:  teor          |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:  Tor: very long term
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:  tor-auth, tor-auth-offline
Actual Points:                |  Parent ID:
       Points:  5             |   Reviewer:
      Sponsor:                |
------------------------------+----------------------------------------

We have wanted to be able to run (the signing parts of) a directory authority offline for a while, because it's more secure.
So I have been experimenting with an offline (ORPort and DirPort unreachable) directory authority on the test net.

Almost everything works: it posts votes, downloads votes from other authorities, signs consensuses, and posts its signature. It could easily do these things using a 3-hop Tor path.

But once its authority certificate expires, it has no way to post it to the other authorities.

A workaround is to overwrite another authority's cached-certs file with the missing authority certificate file. But this is nasty.

We should make authorities accept certificate posts, and post their certificates to one another.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22498>
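Added example, not part of the ticket and not Tor's own code: a small check an operator could run over a cached-certs file to see which authority certificates have expired or are about to, which is the point at which the manual workaround above becomes necessary. It assumes the key-certificate keywords from Tor's directory specification (dir-key-certificate-version, fingerprint, dir-key-expires); the function names and the sample data are constructed for illustration, and signatures are not verified.

```python
from datetime import datetime, timedelta, timezone

FIELDS = ("fingerprint", "dir-key-expires")

def _sample_cert(fp, published, expires):
    # Constructed entry: made-up fingerprint and dates; key and signature bodies elided.
    return (f"dir-key-certificate-version 3\nfingerprint {fp}\n"
            f"dir-key-published {published}\ndir-key-expires {expires}\n"
            "dir-identity-key\n-----BEGIN RSA PUBLIC KEY-----\n(elided)\n"
            "-----END RSA PUBLIC KEY-----\ndir-key-certification\n"
            "-----BEGIN SIGNATURE-----\n(elided)\n-----END SIGNATURE-----\n")

# Constructed cached-certs content: A has an old and a renewed certificate,
# B only an expired one, C one that expires within the warning window.
SAMPLE = "".join([
    _sample_cert("A" * 40, "2016-06-01 00:00:00", "2017-06-01 00:00:00"),
    _sample_cert("A" * 40, "2017-05-20 00:00:00", "2018-05-20 00:00:00"),
    _sample_cert("B" * 40, "2016-06-05 00:00:00", "2017-06-05 00:00:00"),
    _sample_cert("C" * 40, "2016-06-15 00:00:00", "2017-06-15 00:00:00"),
])

def parse_certs(text):
    """Split cached-certs text into one dict of header fields per certificate."""
    certs = []
    for line in text.splitlines():
        keyword, _, value = line.partition(" ")
        if keyword == "dir-key-certificate-version":
            certs.append({})          # each certificate starts with this keyword
        elif certs and keyword in FIELDS:
            certs[-1][keyword] = value.strip()
    return certs

def latest_expiry(certs):
    """Map each identity fingerprint to its newest dir-key-expires time (UTC)."""
    newest = {}
    for cert in certs:
        if not all(k in cert for k in FIELDS):
            continue                  # truncated entry: nothing to compare
        exp = datetime.strptime(cert["dir-key-expires"], "%Y-%m-%d %H:%M:%S")
        exp = exp.replace(tzinfo=timezone.utc)
        fp = cert["fingerprint"]
        newest[fp] = max(exp, newest.get(fp, exp))
    return newest

def needs_attention(text, now, warn=timedelta(days=14)):
    """Return {fingerprint: 'expired' | 'expiring'} for authorities whose
    newest cached certificate is past or within `warn` of its expiry."""
    return {fp: ("expired" if exp <= now else "expiring")
            for fp, exp in latest_expiry(parse_certs(text)).items()
            if exp - now <= warn}
```

An authority that has already published a renewed certificate (A in the sample) is not flagged, because only the newest expiry per fingerprint is considered.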