Change the default of AuthDirPinKeys to 1.

Closes ticket 18319.
2024-11-10 13:13:44 +01:00 · 2016-12-13 08:54:38 -05:00 · 2016-12-13 08:54:38 -05:00 · 0dd48bfe5a
commit 0dd48bfe5a
parent bd2a1d0231
3 changed files with 6 additions and 2 deletions
--- a/changes/ticket18319
+++ b/changes/ticket18319
@ -0,0 +1,4 @@
+  o Minor features (directory authority, security):
+    - The default for AuthDirPinKeys is now 1: directory authorities will
+      reject relays where the RSA identity key matches a previously seen
+      value, but the Ed25519 key has changed. Closes ticket 18319.
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@ -2265,7 +2265,7 @@ on the public Tor network.
    publish a descriptor if any other relay has reserved its <Ed25519,RSA>
    identity keypair. In all cases, Tor records every keypair it accepts
    in a journal if it is new, or if it differs from the most recently
-    accepted pinning for one of the keys it contains. (Default: 0)
+    accepted pinning for one of the keys it contains. (Default: 1)

 [[AuthDirSharedRandomness]] **AuthDirSharedRandomness** **0**|**1**::
    Authoritative directories only. Switch for the shared random protocol.
--- a/src/or/config.c
+++ b/src/or/config.c
@ -211,7 +211,7 @@ static config_var_t option_vars_[] = {
  V(AuthDirInvalidCCs,           CSV,      ""),
  V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
  V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
-  V(AuthDirPinKeys,              BOOL,     "0"),
+  V(AuthDirPinKeys,              BOOL,     "1"),
  V(AuthDirReject,               LINELIST, NULL),
  V(AuthDirRejectCCs,            CSV,      ""),
  OBSOLETE("AuthDirRejectUnlisted"),