[tor-dev] tor ignores --SigningKeyLifetime when keys exist

s7r s7r at sky-ip.org
Sat Nov 28 12:48:54 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


On 11/28/2015 2:26 PM, nusenu wrote:
> The important info for me here is: How is "about to expire"
> defined? x days before expiry or

I think 24 hours before expiry.

> 80% of its lifetime is over?

No.

> Can it be configured?

No. This would not be helpful - complicating the already complicated
code for this feature which wouldn't solve/fix or make anything
better/easier.

> yes that is correct. So for the workaround of the workaround I
> will simply invoke tor twice. First time without --keygen for key
> generation, then with --keygen for signing key renewal.
> 
> thanks for the quick reply.

Hey, welcome :)
That sounds good to me.
Yeah, we  built it with a logic that will work for all types of
operators, people with less experience with Tor and can easily make
mistakes, misconfigurations, etc. Advanced users like you who code
scripts can always find workarounds.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJWWaK1AAoJEIN/pSyBJlsRF04IANfxG9/i+WbAVt2HwY5yOWb5
SwCYQvyMHWrUBFC8MexdOQZnKZ9NLfngJ4O5yO+4+BTDFSNy1FZilkjN3MY1Uaix
ZIG9hmFiZMRpEks7LJWtL1SvQF5bE/H4UlyEsrPmNjE3m+mZqPB1XfRj4f0/dXFE
pFrHIV3YCHBgezpN7ZxMiyQZZGpTXmOh+ee0MLJ51NvHzZwYFCrAiIEbMYJdnuQ4
as4WEzT9frX1N9Tmq0Tkg9BmeROvyeUsFfuKvgh+g2AeaNHgI8HJUWbM86IFDKSd
Gs+OpkL9ot+3ecZ//PdlfBzSobkyZ4gwh53CrPNLgyptXwGoU2T4HWd0hWb9L8g=
=ncc0
-----END PGP SIGNATURE-----


More information about the tor-dev mailing list