[tor-dev] Proposal 220 (revised): Migrate server identity keys to Ed25519

Sebastian Hahn hahn.seb at web.de
Mon Aug 18 00:40:24 UTC 2014


Hi Nick,

On 25 Feb 2014, at 17:18, Nick Mathewson <nickm at torproject.org> wrote:
>   To mirror the way that authority identity keys work, we'll fully
>   support keeping Ed25519 identity keys offline; they'll be used to
>   sign long-ish term signing keys, which in turn will do all of the
>   heavy lifting.  A signing key will get used to sign the things that
>   RSA1024 identity keys currently sign.

There was a discussion of this point on tor-talk just now. s7r (one
of the nice support people) was also present, maybe he will follow up
here as well.

Basically, the operational complexity of doing this seems to be
under-appreciated here, and we're wondering if the added code
complexity can possibly be worth it. Maybe we should ask some of the
super big relays to weigh in.

Cheers
Sebastian

