[Cryptech Tech] Requirements for signing the Tor consensus (was: Stockholm next week)

Linus Nordberg linus at nordberg.se
Wed Mar 5 11:00:29 UTC 2014


Randy Bush <randy at psg.com> wrote
Wed, 05 Mar 2014 06:42:38 +0000:

| [ moved to tech ]
| 
| >> i would like to get a vision of who our first few 'customers' will
| >> be.  dnssec and rpki roots are obvious.  who else?
| > 
| > Seven out of nine Tor directory authorities now sign their votes and
| > consensus with a 2048 bit RSA key. I'd be interested in exploring a
| > way of building something that would move those keys off of general
| > purpose computers.
| 
| why would this not be very easy if one is already meeting rpki root?

I know nothing about RPKI. Tor directory authorities currently use RSA
(with SHA1 or SHA256) for signing. Ordinary relays can nowadays use
Ed25519 (with SHA512) in addition, something I would expect authorities
to start doing too.


| might toroids be willing to help with packaging and upper layers?

I am. Happy to look for more people too.



More information about the Tech mailing list