From 6c14f9076f80f7749543841d47a032d9a71bc6b6 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Wed, 24 Mar 2021 18:17:13 -0400 Subject: fix up the keypinning comments --- src/feature/dirauth/keypin.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/src/feature/dirauth/keypin.c b/src/feature/dirauth/keypin.c index 40353d6b19..29aefd1069 100644 --- a/src/feature/dirauth/keypin.c +++ b/src/feature/dirauth/keypin.c @@ -58,18 +58,16 @@ * with which Ed25519 keys, and force such associations to be permanent. * * This module implements a key-pinning mechanism to ensure that it's safe - * to use RSA keys as identitifers even as we migrate to Ed25519 keys. It - * remembers, for every Ed25519 key we've seen, what the associated Ed25519 + * to use RSA keys as identifiers even as we migrate to Ed25519 keys. It + * remembers, for every Ed25519 key we've seen, what the associated RSA * key is. This way, if we see a different Ed25519 key with that RSA key, * we'll know that there's a mismatch. * - * (As of this writing, these key associations are advisory only, mostly - * because some relay operators kept mishandling their Ed25519 keys during - * the initial Ed25519 rollout. We should fix this problem, and then toggle - * the AuthDirPinKeys option.) + * As of Tor 0.3.0.2-alpha the AuthDirPinKeys option has been on, meaning + * we drop descriptors with mismatches. * * We persist these entries to disk using a simple format, where each line - * has a base64-encoded RSA SHA1 hash, then a base64-endoded Ed25519 key. + * has a base64-encoded RSA SHA1 hash, then a base64-encoded Ed25519 key. * Empty lines, malformed lines, and lines beginning with # are * ignored. Lines beginning with @ are reserved for future extensions. * -- cgit v1.2.3-54-g00ecf