TorHSM.md

+The TorHSM work item aims to letting directory authority signing keys move to a so called Hardware Security Module (HSM) based on the CrypTech Alpha board. 
+The Tor part of this project produces code for little-t-tor, a program for key management and support software for development and test.
+See [https://trac.cryptech.is/wiki/ExternalProjectsTorHSM the CrypTech wiki] for a description of TorHSM from the CrypTech point of view. 
+ 
+== Status
+
+* 2019-07-10 Successfully producing a consensus with one dirauth using an emulated HSM device in a Chutney test network (basic) with TestingV3AuthInitialVotingInterval set to 120 and VoteDelay/DistDelay at 20, when the HSM takes 8 seconds to produce a signature.
+
+== Design
+
+== Code
+
+=== tor
+
+https://gitweb.torproject.org/user/linus/tor.git/log/?h=torhsm
+
+NOTE: This branch is not meant for merging into master!
+It's a PoC written to minimize the diff against tor-0.3.5.8 in order to show what needs to be done.
+Refactoring of the consensus handling code should be done before trying to get this functionality into master. 
+
+
+=== chutney
+
+https://gitweb.torproject.org/user/linus/chutney.git/log/?h=torhsm
+
+NOTE: Quite a few necessary actions for setting things up properly are not done by Chutney, see note in [https://gitweb.torproject.org/user/linus/chutney.git/tree/networks/basic-hsm?h=torhsm networks/basic-hsm] for a list.
+
+
+=== USB gadget emulation
+
+== Notes
+
+* [[org/meetings/2019Stockholm/Notes/TorHSM]]
+
+== Open questions
+
+* Figure out how legacy dirauth keys are meant to be used and if they're still considered a good idea.
+
+* Does tor still need variable consensus periods? If so, our idea with rate-limiting might not work. 
+
+* Really verify new signing keys ('verify'), or simply activate new key when operator says so ('activate')?
+
+* Require PIN or not?
+
+== To do