diff options
| author | Nick Mathewson <nickm@torproject.org> | 2013-06-12 21:07:27 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2013-06-12 21:11:49 -0400 |
| commit | a3f6f3316a8037e723f225021186a772cb6707fe (patch) | |
| tree | ff84dd4ca95943ad0c5b14b866cf66363f10456c /doc/v3-authority-howto.txt | |
| parent | 75b7cc1785c040b4f0deb46b89fecec5c90a9fe6 (diff) | |
| download | tor-a3f6f3316a8037e723f225021186a772cb6707fe.tar tor-a3f6f3316a8037e723f225021186a772cb6707fe.tar.gz | |
Remove various outdated documents.
doc/TODO and doc/spec/README were placeholders to tell people where to
look for the real TODO and README stuff -- we replaced them years ago,
though.
authority-policy, v3-authority-howto, and torel-design.txt belong in
torspec. I'm putting them in attic there since I think they may be in
large part obsolete, but someone can rescue them if they're not.
translations.txt is outdated, and refers to lots of programs other
than Tor. We have much better translation resources on the website
now.
tor-win32-mingw-creation.txt is pending review of a revised version
for 0.2.5 (see ticket #4520), but there's no reason to ship this one
while we're waiting for an accurate version.
the tor-rpm-creation.txt isn't obsolete AFAIK, but it belongs in
doc/contrib if anywhere.
Resolves bug #8965.
Diffstat (limited to 'doc/v3-authority-howto.txt')
| -rw-r--r-- | doc/v3-authority-howto.txt | 84 |
1 files changed, 0 insertions, 84 deletions
diff --git a/doc/v3-authority-howto.txt b/doc/v3-authority-howto.txt deleted file mode 100644 index e4470e8c8..000000000 --- a/doc/v3-authority-howto.txt +++ /dev/null @@ -1,84 +0,0 @@ - - How to add a v3 directory authority. - -What we'll be doing: - - We'll be configuring your Tor server as a v3 directory authority, - generating a v3 identity key plus certificates, and adding your v3 - identity fingerprint to the list of default directory authorities. - -The steps: - -0) Make sure you're running ntp, and that your time is correct. - - Make sure you have Tor version at least r12724. In the short term, - running a working authority may mean running the latest version of - Tor from SVN trunk. Later on, we hope that it will become easier - and you can just run a recent development release (and later still, - a recent stable release). - -1) First, you'll need a certificate. Run ./src/tools/tor-gencert to - generate one. - - Run tor-gencert in a separate, very secure directory. Maybe even on - a more secure computer. The first time you run it, you will need to - run it with the --create-identity-key option to make a v3 authority - identity key. Subsequent times, you can just run it as-is. - - tor-gencert will make 3 files: - - authority_identity_key -- THIS IS VERY SECRET AND VERY SENSITIVE. - DO NOT LEAK IT. DO NOT LOSE IT. - - authority_signing_key -- A key for signing votes and v3 conensuses. - - authority_certificate -- A document authenticating your signing key - with your identity-key. - - You will need to rotate your signing key periodically. The current - default lifetime is 1 year. We'll probably take this down to a month or - two some time soon. To rotate your key, run tor-gencert as before, - but without the --create-identity-key option. - -2) Copy authority_signing_key and authority_certificate to your Tor keys - directory. - - For example if your data directory is /var/lib/tor/, you should run - cp authority_signing_key authority_certificate /var/lib/tor/keys/ - - You will need to repeat this every time you rotate your certificate. - -3) Tell your Tor to be a v3 authority by adding these lines to your torrc: - - AuthoritativeDirectory 1 - V3AuthoritativeDirectory 1 - -4) Now your authority is generating a networkstatus opinion (called a - "vote") every period, but none of the other authorities care yet. The - next step is to get a Tor developer (likely Roger or Nick) to add - your v3 identity fingerprint to the default list of dirservers. - - First, you need to learn your authority's v3 identity fingerprint. - It should be in your authority_certificate file in a line like: - - fingerprint 3041632465FA8847A98B2C5742108C72325532D9 - - One of the Tor developers then needs to add this fingerprint to - the add_default_trusted_dirservers() function in config.c, using - the syntax "v3ident=<fingerprint>". For example, if moria1's new v3 - identity fingerprint is FOO, the moria1 dirserver line should now be: - - DirServer moria1 v1 orport=9001 v3ident=FOO 128.31.0.34:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441 - - The v3ident item must appear after the nickname and before the IP. - -5) Once your fingerprint has been added to config.c, we will try to - get a majority of v3 authorities to upgrade, so they know about you - too. At that point your vote will automatically be included in the - networkstatus consensus, and you'll be a fully-functioning contributing - v3 authority. - - Note also that a majority of the configured v3 authorities need to - agree in order to generate a consensus: so this is also the point - where extended downtime on your server means missing votes. - |