Commit 0dd48bfe authored by Nick Mathewson's avatar Nick Mathewson 👁
Browse files

Change the default of AuthDirPinKeys to 1.

Closes ticket 18319.
parent bd2a1d02
o Minor features (directory authority, security):
- The default for AuthDirPinKeys is now 1: directory authorities will
reject relays where the RSA identity key matches a previously seen
value, but the Ed25519 key has changed. Closes ticket 18319.
......@@ -2265,7 +2265,7 @@ on the public Tor network.
publish a descriptor if any other relay has reserved its <Ed25519,RSA>
identity keypair. In all cases, Tor records every keypair it accepts
in a journal if it is new, or if it differs from the most recently
accepted pinning for one of the keys it contains. (Default: 0)
accepted pinning for one of the keys it contains. (Default: 1)
[[AuthDirSharedRandomness]] **AuthDirSharedRandomness** **0**|**1**::
Authoritative directories only. Switch for the shared random protocol.
......
......@@ -211,7 +211,7 @@ static config_var_t option_vars_[] = {
V(AuthDirInvalidCCs, CSV, ""),
V(AuthDirFastGuarantee, MEMUNIT, "100 KB"),
V(AuthDirGuardBWGuarantee, MEMUNIT, "2 MB"),
V(AuthDirPinKeys, BOOL, "0"),
V(AuthDirPinKeys, BOOL, "1"),
V(AuthDirReject, LINELIST, NULL),
V(AuthDirRejectCCs, CSV, ""),
OBSOLETE("AuthDirRejectUnlisted"),
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment