On 16 Nov 2015, at 04:51, nusenu <[email protected]> wrote:

>>> Is the offline master key limited to ed25519 keys and useless
>>> while using ed25519 + RSA keys at the same time? (because the RSA
>>> key is not offline?)
>>
>> Hmmm. Probably yes. Until transition (until we remove permanently RSA
>> identities) only the ed25519 key will be protected, RSA key will have
>> to be online. Even in this case, directory authorities remember relays
>> by their ed25519 + RSA pair of identities. If just one of them
>> changes, that relay will be rejected.
>
> Ok, so I guess the only reason to use offline master keys now is to not
> have to start from scratch once RSA keys are deprecated for real.
A compromised relay's RSA key can't be used to run another relay without
the corresponding offline ed25519 key.

(I am assuming that an RSA key with a missing ed25519 key is treated the
same as an RSA key with a different ed25519 key: the authorities reject
the relay with the missing ed25519 key from the consensus.)

This is a good reason to use offline ed25519 master keys, which doesn't
rely on RSA keys being deprecated/removed.

Tim (teor)

_______________________________________________
tor-dev mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
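The identity pinning the thread describes, written out as an added model so the argument about a stolen RSA key can be checked case by case. This is illustration code, not Tor's own keypin implementation, and the relay identifiers ("rsa-victim", "ed-attacker", ...) are constructed. It treats an RSA key that arrives without any ed25519 key as rejected when that RSA key is already pinned, which is teor's stated assumption rather than something the thread confirms; an RSA-only descriptor whose RSA key has never been pinned is accepted without pinning, as a stand-in for the pre-transition case the thread alludes to.

```python
"""Model of directory-authority (ed25519, RSA) identity pinning as described
in the thread. Added illustration, not Tor's keypin code."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional


class PinResult(Enum):
    ADDED = "added"                 # neither key seen before: pin the pair
    MATCH = "match"                 # same pair as pinned: accept
    RSA_ONLY = "rsa_only"           # no ed25519 key, RSA never pinned: accept, pin nothing
    MISMATCH = "mismatch"           # one key is already pinned to a different partner: reject
    MISSING_ED = "missing_ed25519"  # RSA key is pinned but descriptor has no ed25519 key:
                                    # reject (teor's assumption, modelled here)


@dataclass
class KeyPinTable:
    """Authority-side memory of which RSA identity goes with which ed25519 identity."""
    rsa_to_ed: Dict[str, str] = field(default_factory=dict)
    ed_to_rsa: Dict[str, str] = field(default_factory=dict)

    def check(self, rsa_id: str, ed_id: Optional[str]) -> PinResult:
        pinned_ed = self.rsa_to_ed.get(rsa_id)

        if ed_id is None:
            # Descriptor carries only an RSA identity.
            if pinned_ed is not None:
                return PinResult.MISSING_ED
            return PinResult.RSA_ONLY

        pinned_rsa = self.ed_to_rsa.get(ed_id)

        if pinned_ed is None and pinned_rsa is None:
            # First sighting of both keys: remember the pair.
            self.rsa_to_ed[rsa_id] = ed_id
            self.ed_to_rsa[ed_id] = rsa_id
            return PinResult.ADDED

        if pinned_ed == ed_id and pinned_rsa == rsa_id:
            return PinResult.MATCH

        # Exactly the "if just one of them changes" case from the thread:
        # either key is bound to some other partner, so the relay is rejected.
        return PinResult.MISMATCH


def stolen_rsa_key_scenario() -> List[PinResult]:
    """Replay teor's argument with constructed identifiers: once a relay has
    pinned its (rsa, ed25519) pair, an attacker holding only the online RSA
    key cannot get a relay accepted, whether they supply a new ed25519 key
    or none at all. The legitimate relay, which still holds the offline
    ed25519 key, keeps matching its pin."""
    table = KeyPinTable()
    return [
        table.check("rsa-victim", "ed-victim"),    # legitimate relay pins its pair
        table.check("rsa-victim", "ed-attacker"),  # attacker with stolen RSA key + own ed key
        table.check("rsa-victim", None),           # attacker omits the ed25519 key
        table.check("rsa-victim", "ed-victim"),    # legitimate relay is still accepted
    ]


def key_rotation_scenario() -> List[PinResult]:
    """Rotating either half of a pinned pair is rejected; a relay that was
    only ever seen RSA-only can still later pin an ed25519 key."""
    table = KeyPinTable()
    return [
        table.check("rsa-A", "ed-A"),   # ADDED
        table.check("rsa-A", "ed-A2"),  # MISMATCH: ed25519 key changed
        table.check("rsa-A2", "ed-A"),  # MISMATCH: RSA key changed
        table.check("rsa-B", None),     # RSA_ONLY: never pinned, accepted
        table.check("rsa-B", "ed-B"),   # ADDED: pair pinned now
        table.check("rsa-B", None),     # MISSING_ED: pinned RSA key without its ed key
    ]


if __name__ == "__main__":
    for name, results in (("stolen RSA key", stolen_rsa_key_scenario()),
                          ("key rotation", key_rotation_scenario())):
        print(name + ":", [r.value for r in results])
```

The two scenario functions are the whole point: the attacker rows come back MISMATCH or MISSING_ED, and the only way to be accepted under the victim's RSA identity is to present the ed25519 key that never left the offline machine.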
