diff --git a/dir-spec.txt b/dir-spec.txt index 6c3105e..1bd73ba 100644 --- a/dir-spec.txt +++ b/dir-spec.txt @@ -909,6 +909,18 @@ $Id$ server's administrator. Administrators should include at least an email address and a PGP fingerprint. + "legacy-key" SP FINGERPRINT NL + + [At most once] + + Lists a fingerprint for an obsolete _identity_ key still used + by this authority to keep older clients working. This option + is used to keep key around for a little while in case the + authorities need to migrate many identity keys at once. + (Generally, this would only happen because of a security + vulnerability that affected multiple authorities, like the + Debian OpenSSL RNG bug of May 2008.) + The authority section of a consensus contains groups the following items, in the order given, with one group for each authority that contributed to the consensus, with groups sorted by authority identity digest: @@ -1176,7 +1188,12 @@ $Id$ The authority item groups (dir-source, contact, fingerprint, vote-digest) are taken from the votes of the voting authorities. These groups are sorted by the digests of the - authorities identity keys, in ascending order. + authorities identity keys, in ascending order. If the consensus + method is 3 or later, a dir-source line must be included for + every vote with legacy-key entry, using the legacy-key's + fingerprint, the voter's ordinary nickname with the string + "-legacy" appended, and all other fields as from the original + vote's dir-source line. A router status entry: * is included in the result if some router status entry with the same diff --git a/proposals/000-index.txt b/proposals/000-index.txt index 331a5ae..b0edd73 100644 --- a/proposals/000-index.txt +++ b/proposals/000-index.txt @@ -58,7 +58,7 @@ Proposals by number: 133 Incorporate Unreachable ORs into the Tor Network [DRAFT] 134 More robust consensus voting with diverse authority sets [ACCEPTED] 135 Simplify Configuration of Private Tor Networks [FINISHED] -136 Mass authority migration with legacy keys [FINISHED] +136 Mass authority migration with legacy keys [CLOSED] 137 Keep controllers informed as Tor bootstraps [CLOSED] 138 Remove routers that are not Running from consensus documents [CLOSED] 139 Download consensus documents only when it will be trusted [CLOSED] @@ -121,7 +121,6 @@ Proposals by status: 111 Prioritizing local traffic over relayed traffic 128 Families of private bridges 135 Simplify Configuration of Private Tor Networks - 136 Mass authority migration with legacy keys CLOSED: 101 Voting on the Tor Directory System 102 Dropping "opt" from the directory format @@ -140,6 +139,7 @@ Proposals by status: 126 Getting GeoIP data and publishing usage summaries 129 Block Insecure Protocols by Default 130 Version 2 Tor connection protocol + 136 Mass authority migration with legacy keys 137 Keep controllers informed as Tor bootstraps 138 Remove routers that are not Running from consensus documents 139 Download consensus documents only when it will be trusted diff --git a/proposals/136-legacy-keys.txt b/proposals/136-legacy-keys.txt index 7d3c07d..f2b1b5c 100644 --- a/proposals/136-legacy-keys.txt +++ b/proposals/136-legacy-keys.txt @@ -2,7 +2,7 @@ Filename: 136-legacy-keys.txt Title: Mass authority migration with legacy keys Author: Nick Mathewson Created: 13-May-2008 -Status: Finished +Status: Closed Implemented-In: 0.2.0.x Overview: