-rw-r--r-- content/entry/journal-update-27.md 41
1 files changed, 41 insertions, 0 deletions
diff --git a/content/entry/journal-update-27.md b/content/entry/journal-update-27.md
new file mode 100644
index 0000000..396a7c1
--- /dev/null
+++ b/content/entry/journal-update-27.md
@@ -0,0 +1,41 @@
+---
+title: "Journal Update 27: New Onions!"
+date: 2024-07-04T00:00:00Z
+tags: ['journal updates']
+draft: false
+---
+## Foreword
+
+This entry does not constitute a return to writing. I'm still [taking a step back](/2023/12/09/journal-update-26/ "Journal Update 26: Taking a Step Back") from writing. I'm only writing this entry because I have to make an **important announcement**.
+
+
+## What's New
+
+If you don't want to read this whole entry, just read the **important announcement** in the first bullet point of the subheading below.
+
+
+### New Onions And Key Rotation
+
+* Generated new I2P destinations and Tor onions so that my name is consistent everywhere, including the base32 public key prefixes. The new links are on the [about page](/about/ "About Page"). Update your bookmarks accordingly. The old I2P destinations and Tor onions will continue working until I retire them six months from now.
+
+The new I2P destination private keys are kept offline while the online keys are rotated at regular intervals. This provides compromise recovery. I.e: If my server is hacked and the online keys are stolen, the attacker can only control the I2P destination until the keys expire, and I just keep rotating in new online keys according to schedule as if nothing happened.
+
+Tor doesn't yet support offline keys, so if the server is compromised I'll have to generate a new onion. The good news is there are [plans to support offline v3 onion service keys](https://gitlab.torproject.org/tpo/core/tor/-/issues/29054 "prop224: Implement offline keys for v3 onion services") in [Arti](https://tpo.pages.torproject.net/core/arti/), a project to implement Tor in Rust. As soon as that's implemented, I'll move my onion key offline as well.
+
+
+### Reducing Housekeeping
+
+* Created a [changelog](https://git.nicholasjohnson.ch/hugo-theme-journal/about/CHANGELOG.md "Hugo Journal Theme Changelog") for [this journal's Hugo theme](https://git.nicholasjohnson.ch/hugo-theme-journal "Hugo Journal Theme"). Before, I was documenting the changes in [update entries](/tags/journal-updates/ "Journal Updates"), which wasn't a good place for them and created extra housekeeping.
+* Put my retired DKIM private keys into a [separate Git repo](https://git.nicholasjohnson.ch/dkim-privates "My DKIM Private Keys"). Previously they were stored/referenced in this journal's [about page](/about/ "About Page"), which created extra housekeeping.
+
+
+### Goodbye Email
+
+* Removed email from [about page](/about/ "About Page"), leaving SimpleX as my only contact method. This may dissuade some people from reaching out, but I would rather that than people shooting themselves in the foot trying to encrypt emails to me. That had happened several times with both Age and previously PGP.
+
+
+## Future Plans
+
+* Move Gemini and SimpleX server root certificates offline for compromise recovery
+* Get rid of the [promoted page](/promoted/ "Promoted Page")
+* Add more [tags](/tags/ "Tags")
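Review bot: The retirement deadline in the first bullet under "New Onions And Key Rotation" is relative ("six months from now"), so a reader arriving later has to work it out from the front-matter date of 2024-07-04; give the absolute cutoff date in that bullet. In the paragraph that follows, the compromise-recovery claim depends on how long a stolen online I2P key remains valid, yet the text only says the keys are "rotated at regular intervals"; stating the expiry period would let readers judge the exposure window after a server compromise. Minor style points: "I.e:" in the same paragraph should be "I.e.,", and the "Future Plans" items mention moving the Gemini and SimpleX root certificates offline without saying whether those services are affected by the current rotation, which is worth one clarifying clause since the announcement asks readers to update bookmarks.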