diff options
author | Roger Dingledine <arma@torproject.org> | 2005-01-21 08:20:01 +0000 |
---|---|---|
committer | Roger Dingledine <arma@torproject.org> | 2005-01-21 08:20:01 +0000 |
commit | 01cd23ef628cf0ff96743b04b18fb8573327d3fe (patch) | |
tree | 9a3369685f625609de04e6543940feca84a9ea37 /doc/dir-spec.txt | |
parent | d4d131cc832818010bff04c1d5bf1e176b49520a (diff) | |
download | tor-01cd23ef628cf0ff96743b04b18fb8573327d3fe.tar tor-01cd23ef628cf0ff96743b04b18fb8573327d3fe.tar.gz |
a few more thoughts about seeds
svn:r3399
Diffstat (limited to 'doc/dir-spec.txt')
-rw-r--r-- | doc/dir-spec.txt | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/doc/dir-spec.txt b/doc/dir-spec.txt index 32e71f92f..0c349a515 100644 --- a/doc/dir-spec.txt +++ b/doc/dir-spec.txt @@ -106,8 +106,12 @@ Piece two: (optional) and not fingerprints, it also means that dirservers can rotate their signing keys transparently. - But, keeping track of the seed keys becomes a critical security issue; - and rotating them in a backward-compatible way adds complexity. + But, keeping track of the seed keys becomes a critical security issue. + And rotating them in a backward-compatible way adds complexity. Also, + dirserver locations must be at least somewhere static, since each lost + dirserver degrades reachability for old clients. So as the dirserver + list rolls over we have no choice but to put out new versions. + Piece three: (optional) |