Change the default of AuthDirPinKeys to 1.

Closes ticket 18319.
Nick Mathewson 2016-12-13 08:54:38 -05:00
parent bd2a1d0231
commit 0dd48bfe5a
3 changed files with 6 additions and 2 deletions

changes/ticket18319

@ -0,0 +1,4 @@
o Minor features (directory authority, security):
- The default for AuthDirPinKeys is now 1: directory authorities will
reject relays where the RSA identity key matches a previously seen
value, but the Ed25519 key has changed. Closes ticket 18319.
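
Review bot: The new entry describes only one direction of the pin ("the RSA identity key matches a previously seen value, but the Ed25519 key has changed"), while the man page paragraph touched in this same commit speaks of a reserved <Ed25519,RSA> keypair and a pinning for "one of the keys it contains". Please word the entry so it matches the documented behaviour, and add that setting AuthDirPinKeys to 0 restores the previous default, since this changes behaviour for every authority that has not set the option explicitly.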


@ -2265,7 +2265,7 @@ on the public Tor network.
publish a descriptor if any other relay has reserved its <Ed25519,RSA>
identity keypair. In all cases, Tor records every keypair it accepts
in a journal if it is new, or if it differs from the most recently
accepted pinning for one of the keys it contains. (Default: 0)
accepted pinning for one of the keys it contains. (Default: 1)
[[AuthDirSharedRandomness]] **AuthDirSharedRandomness** **0**|**1**::
Authoritative directories only. Switch for the shared random protocol.
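
Review bot: The paragraph ending in "(Default: 1)" should say what the flipped default means on upgrade. The sentence just above states that Tor journals every accepted keypair "in all cases", so an authority that ran with the old default already holds recorded pinnings, and going by the visible text those would be enforced as soon as it picks up this default. A sentence noting that, and that AuthDirPinKeys 0 keeps the old behaviour, would help operators.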


@ -211,7 +211,7 @@ static config_var_t option_vars_[] = {
V(AuthDirInvalidCCs, CSV, ""),
V(AuthDirFastGuarantee, MEMUNIT, "100 KB"),
V(AuthDirGuardBWGuarantee, MEMUNIT, "2 MB"),
V(AuthDirPinKeys, BOOL, "0"),
V(AuthDirPinKeys, BOOL, "1"),
V(AuthDirReject, LINELIST, NULL),
V(AuthDirRejectCCs, CSV, ""),
OBSOLETE("AuthDirRejectUnlisted"),
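
Review bot: The new default in V(AuthDirPinKeys, BOOL, "1") lands without a test: the three files changed are the changes entry, the man page and this option table. Consider adding a unit test that checks the default value of AuthDirPinKeys, or one that exercises descriptor rejection with the option left unset, so a later edit to this table cannot silently revert a security-relevant default.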