Opened 4 years ago

Last modified 2 years ago

#17579 new enhancement

Split tor-gencert into "make cert" and "sign" portions

Reported by: nickm Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-relay key-management cli security
Cc: ioerror Actual Points:
Parent ID: Points: medium
Reviewer: Sponsor:

Description

The only part of tor-gencert that wants to stay offline is the part that actually uses the master identity key to sign the certificate. All the rest of generating the cert could be done online.

If we made those changes, we would allow operators to leave their offline gencert setups unmaintained for a very very very long time, which would make it easier to keep master identity keys offline.

Child Tickets

Change History (7)

comment:1 Changed 3 years ago by nickm

Milestone: Tor: 0.2.8.x-finalTor: 0.2.9.x-final

It is impossible that we will fix all 226 currently open 028 tickets before 028 releases. Time to move some out. This is my second pass through the "new" and tickets, looking for things to move to 0.2.9.

comment:2 Changed 3 years ago by nickm

Points: medium

comment:3 Changed 3 years ago by isabela

Milestone: Tor: 0.2.9.x-finalTor: 0.2.???

tickets market to be removed from milestone 029

comment:4 Changed 3 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:5 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:6 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:7 Changed 2 years ago by nickm

Keywords: tor-relay key-management cli security added
Note: See TracTickets for help on using tickets.