Tie key-pinning logic into directory authority operation - tor - Transit encryption and privacy out of the box

diff options

author	Nick Mathewson <nickm@torproject.org>	2014-10-08 08:32:00 -0400
committer	Nick Mathewson <nickm@torproject.org>	2015-05-28 10:41:49 -0400
commit	592a43910706a67048c7d05e45d35dc79712820a (patch)
tree	be4ae3a131e54248a845bea08e9d3c688bec3ce6 /src/test
parent	eacbe03c71a9ddc7c3745ef8da88580a60021201 (diff)
download	tor-592a43910706a67048c7d05e45d35dc79712820a.tar.gz tor-592a43910706a67048c7d05e45d35dc79712820a.zip

Tie key-pinning logic into directory authority operation

With this patch: * Authorities load the key-pinning log at startup. * Authorities open a key-pinning log for writing at startup. * Authorities reject any router with an ed25519 key where they have previously seen that ed25519 key with a different RSA key, or vice versa. * Authorities warn about, but *do not* reject, RSA-only descriptors when the RSA key has previously gone along with an Ed25519 key. (We should make this a 'reject' too, but we can't do that until we're sure there's no legit reason to downgrade to 0.2.5.)

Diffstat (limited to 'src/test')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: