changes file and manpage entry for AuthDirPinKeys

2024-11-27 22:03:31 +01:00 · 2015-09-23 11:30:17 -04:00 · 2015-09-23 11:30:17 -04:00 · 51d18aeb42
commit 51d18aeb42
parent 01733e2b15
2 changed files with 14 additions and 0 deletions
--- a/changes/bug17135
+++ b/changes/bug17135
@ -0,0 +1,7 @@
+  o Major features (Ed25519 keys, keypinning)
+    - The key-pinning option on directory authorities is now
+      advisory-only by default. In a future version, or when the
+      AuthDirPinKeys option is set, pins are enforced again.
+      Disabling key-pinning seemed like a good idea so that we can
+      survive the fallout of any usability problems associated with
+      ed25519 keys. Closes ticket 17135.
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@ -2081,6 +2081,13 @@ on the public Tor network.
    or more is always sufficient to satisfy the bandwidth requirement
    for the Guard flag. (Default: 250 KBytes)

+[[AuthDirPinKeys]] **AuthDirPinKeys** **0**|**1**::
+    Authoritative directories only. If non-zero, do not allow any relay to
+    publish a descriptor if any other relay has reserved its <Ed25519,RSA>
+    identity keypair. In all cases, Tor records every keypair it accepts
+    in a journal if it is new, or if it differs from the most recently
+    accepted pinning for one of the keys it contains. (Default: 0)
+
 [[BridgePassword]] **BridgePassword** __Password__::
    If set, contains an HTTP authenticator that tells a bridge authority to
    serve all requested bridge information. Used by the (only partially