Note TLS link key size and digest change in prop220

author: Nick Mathewson <nickm@torproject.org> 2016-09-22 11:12:20 -0400
committer: Nick Mathewson <nickm@torproject.org> 2016-09-22 11:12:20 -0400
commit: b2e42644dc39abe6c4960346fd588d8dcd0ab650 (patch)
tree: e59c687325338b0d26d151cb4f40541a83467be9 /proposals/220-ecc-id-keys.txt
parent: 0760e80a360ad1d315b48099f3ebd5e511516b2d (diff)
download: torspec-b2e42644dc39abe6c4960346fd588d8dcd0ab650.tar.gz
torspec-b2e42644dc39abe6c4960346fd588d8dcd0ab650.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/proposals/220-ecc-id-keys.txt b/proposals/220-ecc-id-keys.txt
index 7a21f20..dd063e8 100644
--- a/proposals/220-ecc-id-keys.txt
+++ b/proposals/220-ecc-id-keys.txt
@@ -670,3 +670,11 @@ A.5. Reserved numbers
         6: TLS authentication key certified by Ed25519 signing key
         7: RSA cross-certificate for Ed25519 identity key
 
+
+A.6. Related changes
+
+   As we merge this, proposal, we should also extend link key size to
+   2048 bits, and use SHA256 as the x509 cert algorithm for our link
+   keys. This will improve link security, and deliver better
+   fingerprinting resistence.  See proposal 179 for an older discussion
+   of this issue.
author	Nick Mathewson <nickm@torproject.org>	2016-09-22 11:12:20 -0400
committer	Nick Mathewson <nickm@torproject.org>	2016-09-22 11:12:20 -0400
commit	b2e42644dc39abe6c4960346fd588d8dcd0ab650 (patch)
tree	e59c687325338b0d26d151cb4f40541a83467be9 /proposals/220-ecc-id-keys.txt
parent	0760e80a360ad1d315b48099f3ebd5e511516b2d (diff)
download	torspec-b2e42644dc39abe6c4960346fd588d8dcd0ab650.tar.gz torspec-b2e42644dc39abe6c4960346fd588d8dcd0ab650.zip