diff options
author | Nick Mathewson <nickm@torproject.org> | 2017-05-16 09:33:21 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2017-05-16 09:33:21 -0400 |
commit | 78636a3911b2db96ff80194d1309f72acf66fd59 (patch) | |
tree | 6cf8a96a47334565bdf2f582ad47c6bcae9f4738 /tor-spec.txt | |
parent | 4b879cb63c88c8285adeb988accbe4a996295898 (diff) | |
download | torspec-78636a3911b2db96ff80194d1309f72acf66fd59.tar.gz torspec-78636a3911b2db96ff80194d1309f72acf66fd59.zip |
Merge prop274; mark it closed.
Diffstat (limited to 'tor-spec.txt')
-rw-r--r-- | tor-spec.txt | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/tor-spec.txt b/tor-spec.txt index fdb8535..f61e98f 100644 --- a/tor-spec.txt +++ b/tor-spec.txt @@ -147,9 +147,10 @@ see tor-design.pdf. - A long-term signing-only "Identity key" used to sign documents and certificates, and used to establish relay identity. - A medium-term TAP "Onion key" used to decrypt onion skins when accepting - circuit extend attempts. (See 5.1.) Old keys MUST be accepted for at - least one week after they are no longer advertised. Because of this, - relays MUST retain old keys for a while after they're rotated. + circuit extend attempts. (See 5.1.) Old keys MUST be accepted for a + while after they are no longer advertised. Because of this, + relays MUST retain old keys for a while after they're rotated. (See + "onion key lifetime parameters" in dir-spec.txt.) - A short-term "Connection key" used to negotiate TLS connections. Tor implementations MAY rotate this key as often as they like, and SHOULD rotate this key at least once a day. @@ -160,7 +161,8 @@ see tor-design.pdf. accepting incoming circuit extend requests. As with TAP onion keys, old ntor keys MUST be accepted for at least one week after they are no longer advertised. Because of this, relays MUST retain old keys for a - while after they're rotated. + while after they're rotated. (See "onion key lifetime parameters" in + dir-spec.txt.) These are Ed25519 keys: |