[tor-bugs] #16944 [Tor]: We need a "never make or load an online master key" option
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Sep 2 15:00:57 UTC 2015
#16944: We need a "never make or load an online master key" option
-------------------------+-------------------------------------------------
 Reporter: nickm         | Owner:
 Type: enhancement       | Status: needs_review
 Priority: normal        | Milestone: Tor: 0.2.7.x-final
 Component: Tor          | Version:
 Resolution:             | Keywords: PostFreeze027 TorCoreTeam201509 ed25519
 Actual Points:          | Parent ID:
 Points:                 |
-------------------------+-------------------------------------------------
Comment (by s7r):

Somehow I missed this last night. There is a small misbehavior.

If OfflineMasterKey is set, and Tor is started with no ed25519 files in
$datadirectory/keys, it will quit and not generate anything. OK.

If OfflineMasterKey is set, and Tor is started with expired cert and
medium term signing key, or cert expires while running, it will not try to
load the master key. OK.

If we have both ed25519_master_id_secret_key and
ed25519_master_id_public_key (no cert and medium term signing key), if
OfflineMasterKey is set Tor will not load it. OK.

If OfflineMasterKey is set, and Tor is started just with
ed25519_master_id_secret_key in $datadirectory/keys, it will generate
public key, cert and medium term signing key and ignore OfflineMasterKey
setting. Maybe not OK, but not the end of the world. Can we fix this?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16944#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
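
An operator-side check for the condition this ticket is about, added here as an example; it is not part of the comment above or of Tor's code. It assumes `ed25519_signing_secret_key` and `ed25519_signing_cert` are the on-disk names of the medium term signing key and cert (they are not named on this page), and the function name and exit codes are hypothetical.

```shell
#!/bin/sh
# audit_offline_master KEYS_DIR   (hypothetical helper, not a Tor tool)
# Checks a relay's keys directory against the layout expected when
# OfflineMasterKey is set: signing key and cert present, master secret absent.
# Exit status (made up for this example):
#   0 expected layout   1 master secret key stored on this host
#   2 signing key or cert missing (and no master secret)   3 not a directory
audit_offline_master() {
    keys_dir=$1
    status=0
    if [ ! -d "$keys_dir" ]; then
        echo "ERROR: $keys_dir is not a directory"
        return 3
    fi
    # The file the last case in the comment is about: if it is here, Tor
    # can derive everything else from it regardless of the option.
    if [ -e "$keys_dir/ed25519_master_id_secret_key" ]; then
        echo "FINDING: master secret key present: $keys_dir/ed25519_master_id_secret_key"
        status=1
    fi
    # Assumed file names for the medium term signing key and its cert.
    missing=""
    for f in ed25519_signing_secret_key ed25519_signing_cert; do
        if [ ! -e "$keys_dir/$f" ]; then
            missing="$missing $f"
        fi
    done
    if [ -n "$missing" ]; then
        echo "NOTE: signing material missing:$missing"
        if [ "$status" -eq 0 ]; then
            status=2
        fi
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK: signing key and cert present, no master secret key on this host"
    fi
    return "$status"
}

# Constructed sample: a keys directory holding only the master secret key,
# i.e. the last case described in the comment.
demo_dir=$(mktemp -d)
: > "$demo_dir/ed25519_master_id_secret_key"
audit_offline_master "$demo_dir" || true
rm -rf "$demo_dir"
```

Run it against `$datadirectory/keys` before starting a relay that has OfflineMasterKey set; a status of 1 means the master secret key should be moved off the host first.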