From 7e7c97cf2d5af24f0529cd6616a8d7ada4f147309746e61436041dee16c24015 Mon Sep 17 00:00:00 2001 From: Nicholas Johnson Date: Thu, 4 Jul 2024 00:00:00 +0000 Subject: New entry: journal-update-27 --- content/entry/journal-update-27.md | 41 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 content/entry/journal-update-27.md (limited to 'content/entry') diff --git a/content/entry/journal-update-27.md b/content/entry/journal-update-27.md new file mode 100644 index 0000000..396a7c1 --- /dev/null +++ b/content/entry/journal-update-27.md 
@@ -0,0 +1,41 @@ +--- +title: "Journal Update 27: New Onions!" +date: 2024-07-04T00:00:00Z +tags: ['journal updates'] +draft: false +--- +## Foreword + +This entry does not constitute a return to writing. I'm still [taking a step back](/2023/12/09/journal-update-26/ "Journal Update 26: Taking a Step Back") from writing. I'm only writing this entry because I have to make an **important announcement**. + + +## What's New + +If you don't want to read this whole entry, just read the **important announcement** in the first bullet point of the subheading below. + + +### New Onions And Key Rotation + +* Generated new I2P destinations and Tor onions so that my name is consistent everywhere, including the base32 public key prefixes. The new links are on the [about page](/about/ "About Page"). Update your bookmarks accordingly. The old I2P destinations and Tor onions will continue working until I retire them six months from now. + +The new I2P destination private keys are kept offline while the online keys are rotated at regular intervals. This provides compromise recovery. I.e: If my server is hacked and the online keys are stolen, the attacker can only control the I2P destination until the keys expire, and I just keep rotating in new online keys according to schedule as if nothing happened. + +Tor doesn't yet support offline keys, so if the server is compromised I'll have to generate a new onion. The good news is there are [plans to support offline v3 onion service keys](https://gitlab.torproject.org/tpo/core/tor/-/issues/29054 "prop224: Implement offline keys for v3 onion services") in [Arti](https://tpo.pages.torproject.net/core/arti/), a project to implement Tor in Rust. As soon as that's implemented, I'll move my onion key offline as well. 
+ + +### Reducing Housekeeping + +* Created a [changelog](https://git.nicholasjohnson.ch/hugo-theme-journal/about/CHANGELOG.md "Hugo Journal Theme Changelog") for [this journal's Hugo theme](https://git.nicholasjohnson.ch/hugo-theme-journal "Hugo Journal Theme"). Before, I was documenting the changes in [update entries](/tags/journal-updates/ "Journal Updates"), which wasn't a good place for them and created extra housekeeping. +* Put my retired DKIM private keys into a [separate Git repo](https://git.nicholasjohnson.ch/dkim-privates "My DKIM Private Keys"). Previously they were stored/referenced in this journal's [about page](/about/ "About Page"), which created extra housekeeping. + + +### Goodbye Email + +* Removed email from [about page](/about/ "About Page"), leaving SimpleX as my only contact method. This may dissuade some people from reaching out, but I would rather that than people shooting themselves in the foot trying to encrypt emails to me. That had happened several times with both Age and previously PGP. + + +## Future Plans + +* Move Gemini and SimpleX server root certificates offline for compromise recovery +* Get rid of the [promoted page](/promoted/ "Promoted Page") +* Add more [tags](/tags/ "Tags") -- cgit v1.2.3
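Review bot: the compromise-recovery argument in the "New Onions And Key Rotation" paragraph ("I just keep rotating in new online keys according to schedule as if nothing happened") only holds if the attacker has been evicted from the server before the next online key is installed; if the foothold persists, each rotated-in online key is stolen in turn and the offline destination key buys nothing. Consider adding a sentence that recovery means re-provisioning the host first, and stating the rotation interval, since that interval is exactly the attacker's maximum window with a stolen online key. Two smaller documentation points in the same hunk: "until I retire them six months from now" is a relative date in an entry stamped 2024-07-04, so give the actual retirement date to avoid ambiguity later; and the "Reducing Housekeeping" bullet that links a repo of retired DKIM private keys gives no reason for publishing them, which a reader can mistake for a leak, so say why the retired keys are released and that the matching DNS records are gone. Style: the first subsection mixes one bullet with two bare paragraphs while the other subsections are all bullets; either indent the two paragraphs under the bullet or make them bullets for consistency.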