Merge branch 'bug2865'

This commit is contained in:
Nick Mathewson 2012-06-11 09:53:49 -04:00
commit cb01aaea12
2 changed files with 48 additions and 44 deletions

4
changes/bug2865 Normal file
View File

@ -0,0 +1,4 @@
o Documentation fixes:
- Correct the manpage's descriptions for the default values of
DirReqStatistics and ExtraInfoStatistics. Fixes bug 2865; bugfix
on 0.2.3.1-alpha.

View File

@ -167,7 +167,7 @@ Other options can be specified either on the command-line (--option
You should **not** enable this feature unless you encounter the "no buffer You should **not** enable this feature unless you encounter the "no buffer
space available" issue. Reducing the TCP buffers affects window size for space available" issue. Reducing the TCP buffers affects window size for
the TCP stream and will reduce throughput in proportion to round trip the TCP stream and will reduce throughput in proportion to round trip
time on long paths. (Default: 0.) time on long paths. (Default: 0)
**ConstrainedSockSize** __N__ **bytes**|**KB**:: **ConstrainedSockSize** __N__ **bytes**|**KB**::
When **ConstrainedSockets** is enabled the receive and transmit buffers for When **ConstrainedSockets** is enabled the receive and transmit buffers for
@ -183,15 +183,15 @@ Other options can be specified either on the command-line (--option
host to control it. (Setting both authentication methods means either host to control it. (Setting both authentication methods means either
method is sufficient to authenticate to Tor.) This method is sufficient to authenticate to Tor.) This
option is required for many Tor controllers; most use the value of 9051. option is required for many Tor controllers; most use the value of 9051.
Set it to "auto" to have Tor pick a port for you. (Default: 0). Set it to "auto" to have Tor pick a port for you. (Default: 0)
**ControlListenAddress** __IP__[:__PORT__]:: **ControlListenAddress** __IP__[:__PORT__]::
Bind the controller listener to this address. If you specify a port, bind Bind the controller listener to this address. If you specify a port, bind
to this port rather than the one specified in ControlPort. We strongly to this port rather than the one specified in ControlPort. We strongly
recommend that you leave this alone unless you know what you're doing, recommend that you leave this alone unless you know what you're doing,
since giving attackers access to your control listener is really since giving attackers access to your control listener is really
dangerous. (Default: 127.0.0.1) This directive can be specified multiple dangerous. This directive can be specified multiple
times to bind to multiple addresses/ports. times to bind to multiple addresses/ports. (Default: 127.0.0.1)
**ControlSocket** __Path__:: **ControlSocket** __Path__::
Like ControlPort, but listens on a Unix domain socket, rather than a TCP Like ControlPort, but listens on a Unix domain socket, rather than a TCP
@ -224,7 +224,7 @@ Other options can be specified either on the command-line (--option
If this option is set to 0, don't allow the filesystem group to read the If this option is set to 0, don't allow the filesystem group to read the
cookie file. If the option is set to 1, make the cookie file readable by cookie file. If the option is set to 1, make the cookie file readable by
the default GID. [Making the file readable by other groups is not yet the default GID. [Making the file readable by other groups is not yet
implemented; let us know if you need this for some reason.] (Default: 0). implemented; let us know if you need this for some reason.] (Default: 0)
**ControlPortWriteToFile** __Path__:: **ControlPortWriteToFile** __Path__::
If set, Tor writes the address and port of any control port it opens to If set, Tor writes the address and port of any control port it opens to
@ -234,7 +234,7 @@ Other options can be specified either on the command-line (--option
**ControlPortFileGroupReadable** **0**|**1**:: **ControlPortFileGroupReadable** **0**|**1**::
If this option is set to 0, don't allow the filesystem group to read the If this option is set to 0, don't allow the filesystem group to read the
control port file. If the option is set to 1, make the control port control port file. If the option is set to 1, make the control port
file readable by the default GID. (Default: 0). file readable by the default GID. (Default: 0)
**DataDirectory** __DIR__:: **DataDirectory** __DIR__::
Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor) Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor)
@ -266,7 +266,7 @@ Other options can be specified either on the command-line (--option
If this option is set to 1, when running as a server, generate our If this option is set to 1, when running as a server, generate our
own Diffie-Hellman group instead of using the one from Apache's mod_ssl. own Diffie-Hellman group instead of using the one from Apache's mod_ssl.
This option may help circumvent censorship based on static This option may help circumvent censorship based on static
Diffie-Hellman parameters. (Default: 1). Diffie-Hellman parameters. (Default: 1)
**AlternateDirAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ + **AlternateDirAuthority** [__nickname__] [**flags**] __address__:__port__ __fingerprint__ +
@ -497,7 +497,7 @@ Other options can be specified either on the command-line (--option
CircuitPriorityHalflife value (in seconds). If this option is not set at CircuitPriorityHalflife value (in seconds). If this option is not set at
all, we use the behavior recommended in the current consensus all, we use the behavior recommended in the current consensus
networkstatus. This is an advanced option; you generally shouldn't have networkstatus. This is an advanced option; you generally shouldn't have
to mess with it. (Default: not set.) to mess with it. (Default: not set)
**DisableIOCP** **0**|**1**:: **DisableIOCP** **0**|**1**::
If Tor was built to use the Libevent's "bufferevents" networking code If Tor was built to use the Libevent's "bufferevents" networking code
@ -568,7 +568,7 @@ The following options are useful only for clients (that is, if
open in that time, give up on it. If LearnCircuitBuildTimeout is 1, this open in that time, give up on it. If LearnCircuitBuildTimeout is 1, this
value serves as the initial value to use before a timeout is learned. If value serves as the initial value to use before a timeout is learned. If
LearnCircuitBuildTimeout is 0, this value is the only value used. LearnCircuitBuildTimeout is 0, this value is the only value used.
(Default: 60 seconds.) (Default: 60 seconds)
**CircuitIdleTimeout** __NUM__:: **CircuitIdleTimeout** __NUM__::
If we have kept a clean (never used) circuit around for NUM seconds, then If we have kept a clean (never used) circuit around for NUM seconds, then
@ -576,7 +576,7 @@ The following options are useful only for clients (that is, if
of its circuits, and then expire its TLS connections. Also, if we end up of its circuits, and then expire its TLS connections. Also, if we end up
making a circuit that is not useful for exiting any of the requests we're making a circuit that is not useful for exiting any of the requests we're
receiving, it won't forever take up a slot in the circuit list. (Default: 1 receiving, it won't forever take up a slot in the circuit list. (Default: 1
hour.) hour)
**CircuitStreamTimeout** __NUM__:: **CircuitStreamTimeout** __NUM__::
If non-zero, this option overrides our internal timeout schedule for how If non-zero, this option overrides our internal timeout schedule for how
@ -864,14 +864,14 @@ The following options are useful only for clients (that is, if
**SocksTimeout** __NUM__:: **SocksTimeout** __NUM__::
Let a socks connection wait NUM seconds handshaking, and NUM seconds Let a socks connection wait NUM seconds handshaking, and NUM seconds
unattached waiting for an appropriate circuit, before we fail it. (Default: unattached waiting for an appropriate circuit, before we fail it. (Default:
2 minutes.) 2 minutes)
**TokenBucketRefillInterval** __NUM__ [**msec**|**second**]:: **TokenBucketRefillInterval** __NUM__ [**msec**|**second**]::
Set the refill interval of Tor's token bucket to NUM milliseconds. Set the refill interval of Tor's token bucket to NUM milliseconds.
NUM must be between 1 and 1000, inclusive. Note that the configured NUM must be between 1 and 1000, inclusive. Note that the configured
bandwidth limits are still expressed in bytes per second: this bandwidth limits are still expressed in bytes per second: this
option only affects the frequency with which Tor checks to see whether option only affects the frequency with which Tor checks to see whether
previously exhausted connections may read again. (Default: 100 msec.) previously exhausted connections may read again. (Default: 100 msec)
**TrackHostExits** __host__,__.domain__,__...__:: **TrackHostExits** __host__,__.domain__,__...__::
For each value in the comma separated list, Tor will track recent For each value in the comma separated list, Tor will track recent
@ -904,18 +904,18 @@ The following options are useful only for clients (that is, if
If this option is set to 1, we pick a few long-term entry servers, and try If this option is set to 1, we pick a few long-term entry servers, and try
to stick with them. This is desirable because constantly changing servers to stick with them. This is desirable because constantly changing servers
increases the odds that an adversary who owns some servers will observe a increases the odds that an adversary who owns some servers will observe a
fraction of your paths. (Defaults to 1.) fraction of your paths. (Default: 1)
**NumEntryGuards** __NUM__:: **NumEntryGuards** __NUM__::
If UseEntryGuards is set to 1, we will try to pick a total of NUM routers If UseEntryGuards is set to 1, we will try to pick a total of NUM routers
as long-term entries for our circuits. (Defaults to 3.) as long-term entries for our circuits. (Default: 3)
**SafeSocks** **0**|**1**:: **SafeSocks** **0**|**1**::
When this option is enabled, Tor will reject application connections that When this option is enabled, Tor will reject application connections that
use unsafe variants of the socks protocol -- ones that only provide an IP use unsafe variants of the socks protocol -- ones that only provide an IP
address, meaning the application is doing a DNS resolve first. address, meaning the application is doing a DNS resolve first.
Specifically, these are socks4 and socks5 when not doing remote DNS. Specifically, these are socks4 and socks5 when not doing remote DNS.
(Defaults to 0.) (Default: 0)
**TestSocks** **0**|**1**:: **TestSocks** **0**|**1**::
When this option is enabled, Tor will make a notice-level log entry for When this option is enabled, Tor will make a notice-level log entry for
@ -975,7 +975,7 @@ The following options are useful only for clients (that is, if
Linux's IPTables. If you're planning to use Tor as a transparent proxy for Linux's IPTables. If you're planning to use Tor as a transparent proxy for
a network, you'll want to examine and change VirtualAddrNetwork from the a network, you'll want to examine and change VirtualAddrNetwork from the
default setting. You'll also want to set the TransListenAddress option for default setting. You'll also want to set the TransListenAddress option for
the network you'd like to proxy. (Default: 0). the network you'd like to proxy. (Default: 0)
**TransListenAddress** __IP__[:__PORT__]:: **TransListenAddress** __IP__[:__PORT__]::
Bind to this address to listen for transparent proxy connections. (Default: Bind to this address to listen for transparent proxy connections. (Default:
@ -1008,7 +1008,7 @@ The following options are useful only for clients (that is, if
that ends with one of the suffixes in **AutomapHostsSuffixes**, we map an that ends with one of the suffixes in **AutomapHostsSuffixes**, we map an
unused virtual address to that address, and return the new virtual address. unused virtual address to that address, and return the new virtual address.
This is handy for making ".onion" addresses work with applications that This is handy for making ".onion" addresses work with applications that
resolve an address and then connect to it. (Default: 0). resolve an address and then connect to it. (Default: 0)
**AutomapHostsSuffixes** __SUFFIX__,__SUFFIX__,__...__:: **AutomapHostsSuffixes** __SUFFIX__,__SUFFIX__,__...__::
A comma-separated list of suffixes to use with **AutomapHostsOnResolve**. A comma-separated list of suffixes to use with **AutomapHostsOnResolve**.
@ -1019,7 +1019,7 @@ The following options are useful only for clients (that is, if
them anonymously. Set the port to "auto" to have Tor pick a port for them anonymously. Set the port to "auto" to have Tor pick a port for
you. This directive can be specified multiple times to bind to multiple you. This directive can be specified multiple times to bind to multiple
addresses/ports. See SOCKSPort for an explanation of isolation addresses/ports. See SOCKSPort for an explanation of isolation
flags. (Default: 0). flags. (Default: 0)
**DNSListenAddress** __IP__[:__PORT__]:: **DNSListenAddress** __IP__[:__PORT__]::
Bind to this address to listen for DNS connections. (DEPRECATED: As of Bind to this address to listen for DNS connections. (DEPRECATED: As of
@ -1032,35 +1032,35 @@ The following options are useful only for clients (that is, if
If true, Tor does not believe any anonymously retrieved DNS answer that If true, Tor does not believe any anonymously retrieved DNS answer that
tells it that an address resolves to an internal address (like 127.0.0.1 or tells it that an address resolves to an internal address (like 127.0.0.1 or
192.168.0.1). This option prevents certain browser-based attacks; don't 192.168.0.1). This option prevents certain browser-based attacks; don't
turn it off unless you know what you're doing. (Default: 1). turn it off unless you know what you're doing. (Default: 1)
**ClientRejectInternalAddresses** **0**|**1**:: **ClientRejectInternalAddresses** **0**|**1**::
If true, Tor does not try to fulfill requests to connect to an internal If true, Tor does not try to fulfill requests to connect to an internal
address (like 127.0.0.1 or 192.168.0.1) __unless a exit node is address (like 127.0.0.1 or 192.168.0.1) __unless a exit node is
specifically requested__ (for example, via a .exit hostname, or a specifically requested__ (for example, via a .exit hostname, or a
controller request). (Default: 1). controller request). (Default: 1)
**DownloadExtraInfo** **0**|**1**:: **DownloadExtraInfo** **0**|**1**::
If true, Tor downloads and caches "extra-info" documents. These documents If true, Tor downloads and caches "extra-info" documents. These documents
contain information about servers other than the information in their contain information about servers other than the information in their
regular router descriptors. Tor does not use this information for anything regular router descriptors. Tor does not use this information for anything
itself; to save bandwidth, leave this option turned off. (Default: 0). itself; to save bandwidth, leave this option turned off. (Default: 0)
**FallbackNetworkstatusFile** __FILENAME__:: **FallbackNetworkstatusFile** __FILENAME__::
If Tor doesn't have a cached networkstatus file, it starts out using this If Tor doesn't have a cached networkstatus file, it starts out using this
one instead. Even if this file is out of date, Tor can still use it to one instead. Even if this file is out of date, Tor can still use it to
learn about directory mirrors, so it doesn't need to put load on the learn about directory mirrors, so it doesn't need to put load on the
authorities. (Default: None). authorities. (Default: None)
**WarnPlaintextPorts** __port__,__port__,__...__:: **WarnPlaintextPorts** __port__,__port__,__...__::
Tells Tor to issue a warnings whenever the user tries to make an anonymous Tells Tor to issue a warnings whenever the user tries to make an anonymous
connection to one of these ports. This option is designed to alert users connection to one of these ports. This option is designed to alert users
to services that risk sending passwords in the clear. (Default: to services that risk sending passwords in the clear. (Default:
23,109,110,143). 23,109,110,143)
**RejectPlaintextPorts** __port__,__port__,__...__:: **RejectPlaintextPorts** __port__,__port__,__...__::
Like WarnPlaintextPorts, but instead of warning about risky port uses, Tor Like WarnPlaintextPorts, but instead of warning about risky port uses, Tor
will instead refuse to make the connection. (Default: None). will instead refuse to make the connection. (Default: None)
**AllowSingleHopCircuits** **0**|**1**:: **AllowSingleHopCircuits** **0**|**1**::
When this option is set, the attached Tor controller can use relays When this option is set, the attached Tor controller can use relays
@ -1300,14 +1300,14 @@ is non-zero):
of the __dayth__ day of one week to the same day and time of the next week, of the __dayth__ day of one week to the same day and time of the next week,
with Monday as day 1 and Sunday as day 7. If **day** is given, each with Monday as day 1 and Sunday as day 7. If **day** is given, each
accounting period runs from the time __HH:MM__ each day to the same time on accounting period runs from the time __HH:MM__ each day to the same time on
the next day. All times are local, and given in 24-hour time. (Defaults to the next day. All times are local, and given in 24-hour time. (Default:
"month 1 0:00".) "month 1 0:00")
**RefuseUnknownExits** **0**|**1**|**auto**:: **RefuseUnknownExits** **0**|**1**|**auto**::
Prevent nodes that don't appear in the consensus from exiting using this Prevent nodes that don't appear in the consensus from exiting using this
relay. If the option is 1, we always block exit attempts from such relay. If the option is 1, we always block exit attempts from such
nodes; if it's 0, we never do, and if the option is "auto", then we do nodes; if it's 0, we never do, and if the option is "auto", then we do
whatever the authorities suggest in the consensus. (Defaults to auto.) whatever the authorities suggest in the consensus. (Default: auto)
**ServerDNSResolvConfFile** __filename__:: **ServerDNSResolvConfFile** __filename__::
Overrides the default DNS configuration with the configuration in Overrides the default DNS configuration with the configuration in
@ -1320,28 +1320,28 @@ is non-zero):
If this option is false, Tor exits immediately if there are problems If this option is false, Tor exits immediately if there are problems
parsing the system DNS configuration or connecting to nameservers. parsing the system DNS configuration or connecting to nameservers.
Otherwise, Tor continues to periodically retry the system nameservers until Otherwise, Tor continues to periodically retry the system nameservers until
it eventually succeeds. (Defaults to "1".) it eventually succeeds. (Default: 1)
**ServerDNSSearchDomains** **0**|**1**:: **ServerDNSSearchDomains** **0**|**1**::
If set to 1, then we will search for addresses in the local search domain. If set to 1, then we will search for addresses in the local search domain.
For example, if this system is configured to believe it is in For example, if this system is configured to believe it is in
"example.com", and a client tries to connect to "www", the client will be "example.com", and a client tries to connect to "www", the client will be
connected to "www.example.com". This option only affects name lookups that connected to "www.example.com". This option only affects name lookups that
your server does on behalf of clients. (Defaults to "0".) your server does on behalf of clients. (Default: 0)
**ServerDNSDetectHijacking** **0**|**1**:: **ServerDNSDetectHijacking** **0**|**1**::
When this option is set to 1, we will test periodically to determine When this option is set to 1, we will test periodically to determine
whether our local nameservers have been configured to hijack failing DNS whether our local nameservers have been configured to hijack failing DNS
requests (usually to an advertising site). If they are, we will attempt to requests (usually to an advertising site). If they are, we will attempt to
correct this. This option only affects name lookups that your server does correct this. This option only affects name lookups that your server does
on behalf of clients. (Defaults to "1".) on behalf of clients. (Default: 1)
**ServerDNSTestAddresses** __address__,__address__,__...__:: **ServerDNSTestAddresses** __address__,__address__,__...__::
When we're detecting DNS hijacking, make sure that these __valid__ addresses When we're detecting DNS hijacking, make sure that these __valid__ addresses
aren't getting redirected. If they are, then our DNS is completely useless, aren't getting redirected. If they are, then our DNS is completely useless,
and we'll reset our exit policy to "reject *:*". This option only affects and we'll reset our exit policy to "reject *:*". This option only affects
name lookups that your server does on behalf of clients. (Defaults to name lookups that your server does on behalf of clients. (Default:
"www.google.com, www.mit.edu, www.yahoo.com, www.slashdot.org".) "www.google.com, www.mit.edu, www.yahoo.com, www.slashdot.org")
**ServerDNSAllowNonRFC953Hostnames** **0**|**1**:: **ServerDNSAllowNonRFC953Hostnames** **0**|**1**::
When this option is disabled, Tor does not try to resolve hostnames When this option is disabled, Tor does not try to resolve hostnames
@ -1372,9 +1372,9 @@ is non-zero):
cells spend in circuit queues to disk every 24 hours. (Default: 0) cells spend in circuit queues to disk every 24 hours. (Default: 0)
**DirReqStatistics** **0**|**1**:: **DirReqStatistics** **0**|**1**::
When this option is enabled, Tor writes statistics on the number and When this option is enabled, a Tor directory writes statistics on the
response time of network status requests to disk every 24 hours. number and response time of network status requests to disk every 24
(Default: 0) hours. (Default: 1)
**EntryStatistics** **0**|**1**:: **EntryStatistics** **0**|**1**::
When this option is enabled, Tor writes statistics on the number of When this option is enabled, Tor writes statistics on the number of
@ -1391,7 +1391,7 @@ is non-zero):
**ExtraInfoStatistics** **0**|**1**:: **ExtraInfoStatistics** **0**|**1**::
When this option is enabled, Tor includes previously gathered statistics in When this option is enabled, Tor includes previously gathered statistics in
its extra-info documents that it uploads to the directory authorities. its extra-info documents that it uploads to the directory authorities.
(Default: 0) (Default: 1)
DIRECTORY SERVER OPTIONS DIRECTORY SERVER OPTIONS
------------------------ ------------------------
@ -1488,7 +1488,7 @@ if DirPort is non-zero):
**FetchV2Networkstatus** **0**|**1**:: **FetchV2Networkstatus** **0**|**1**::
If set, we try to fetch the (obsolete, unused) version 2 network status If set, we try to fetch the (obsolete, unused) version 2 network status
consensus documents from the directory authorities. No currently consensus documents from the directory authorities. No currently
supported Tor version uses them. (Default: 0.) supported Tor version uses them. (Default: 0)
DIRECTORY AUTHORITY SERVER OPTIONS DIRECTORY AUTHORITY SERVER OPTIONS
@ -1522,7 +1522,7 @@ DIRECTORY AUTHORITY SERVER OPTIONS
**DirAllowPrivateAddresses** **0**|**1**:: **DirAllowPrivateAddresses** **0**|**1**::
If set to 1, Tor will accept router descriptors with arbitrary "Address" If set to 1, Tor will accept router descriptors with arbitrary "Address"
elements. Otherwise, if the address is not an IP address or is a private IP elements. Otherwise, if the address is not an IP address or is a private IP
address, it will reject the router descriptor. Defaults to 0. address, it will reject the router descriptor. (Default: 0)
**AuthDirBadDir** __AddressPattern...__:: **AuthDirBadDir** __AddressPattern...__::
Authoritative directories only. A set of address patterns for servers that Authoritative directories only. A set of address patterns for servers that
@ -1601,7 +1601,7 @@ DIRECTORY AUTHORITY SERVER OPTIONS
implemented) "bridge community" design, where a community of bridge implemented) "bridge community" design, where a community of bridge
relay operators all use an alternate bridge directory authority, relay operators all use an alternate bridge directory authority,
and their target user audience can periodically fetch the list of and their target user audience can periodically fetch the list of
available community bridges to stay up-to-date. (Default: not set.) available community bridges to stay up-to-date. (Default: not set)
**V3AuthVotingInterval** __N__ **minutes**|**hours**:: **V3AuthVotingInterval** __N__ **minutes**|**hours**::
V3 authoritative directories only. Configures the server's preferred voting V3 authoritative directories only. Configures the server's preferred voting
@ -1613,14 +1613,14 @@ DIRECTORY AUTHORITY SERVER OPTIONS
V3 authoritative directories only. Configures the server's preferred delay V3 authoritative directories only. Configures the server's preferred delay
between publishing its vote and assuming it has all the votes from all the between publishing its vote and assuming it has all the votes from all the
other authorities. Note that the actual time used is not the server's other authorities. Note that the actual time used is not the server's
preferred time, but the consensus of all preferences. (Default: 5 minutes.) preferred time, but the consensus of all preferences. (Default: 5 minutes)
**V3AuthDistDelay** __N__ **minutes**|**hours**:: **V3AuthDistDelay** __N__ **minutes**|**hours**::
V3 authoritative directories only. Configures the server's preferred delay V3 authoritative directories only. Configures the server's preferred delay
between publishing its consensus and signature and assuming it has all the between publishing its consensus and signature and assuming it has all the
signatures from all the other authorities. Note that the actual time used signatures from all the other authorities. Note that the actual time used
is not the server's preferred time, but the consensus of all preferences. is not the server's preferred time, but the consensus of all preferences.
(Default: 5 minutes.) (Default: 5 minutes)
**V3AuthNIntervalsValid** __NUM__:: **V3AuthNIntervalsValid** __NUM__::
V3 authoritative directories only. Configures the number of VotingIntervals V3 authoritative directories only. Configures the number of VotingIntervals
@ -1628,18 +1628,18 @@ DIRECTORY AUTHORITY SERVER OPTIONS
increases network partitioning risks; choosing low numbers increases increases network partitioning risks; choosing low numbers increases
directory traffic. Note that the actual number of intervals used is not the directory traffic. Note that the actual number of intervals used is not the
server's preferred number, but the consensus of all preferences. Must be at server's preferred number, but the consensus of all preferences. Must be at
least 2. (Default: 3.) least 2. (Default: 3)
**V3BandwidthsFile** __FILENAME__:: **V3BandwidthsFile** __FILENAME__::
V3 authoritative directories only. Configures the location of the V3 authoritative directories only. Configures the location of the
bandiwdth-authority generated file storing information on relays' measured bandiwdth-authority generated file storing information on relays' measured
bandwidth capacities. (Default: unset.) bandwidth capacities. (Default: unset)
**V3AuthUseLegacyKey** **0**|**1**:: **V3AuthUseLegacyKey** **0**|**1**::
If set, the directory authority will sign consensuses not only with its If set, the directory authority will sign consensuses not only with its
own signing key, but also with a "legacy" key and certificate with a own signing key, but also with a "legacy" key and certificate with a
different identity. This feature is used to migrate directory authority different identity. This feature is used to migrate directory authority
keys in the event of a compromise. (Default: 0.) keys in the event of a compromise. (Default: 0)
**RephistTrackTime** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**:: **RephistTrackTime** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**::
Tells an authority, or other node tracking node reliability and history, Tells an authority, or other node tracking node reliability and history,