---
title: "Journal Update 27: New Onions!"
date: 2024-07-04T00:00:00Z
tags: ['journal updates']
draft: false
---

## Foreword

This entry does not constitute a return to writing. I'm still [taking a step back](/2023/12/09/journal-update-26/ "Journal Update 26: Taking a Step Back") from writing. I'm only writing this entry because I have to make an **important announcement**.

## What's New

If you don't want to read this whole entry, just read the **important announcement** in the first bullet point of the subheading below.

### New Onions And Key Rotation

* Generated new I2P destinations and Tor onions so that my name is consistent everywhere, including the base32 public key prefixes. The new links are on the [about page](/about/ "About Page"). Update your bookmarks accordingly. The old I2P destinations and Tor onions will continue working until I retire them six months from now.

The new I2P destination private keys are kept offline while the online keys are rotated at regular intervals. This provides compromise recovery. I.e., if my server is hacked and the online keys are stolen, the attacker can only control the I2P destination until the keys expire, and I just keep rotating in new online keys according to schedule as if nothing happened.

Tor doesn't yet support offline keys, so if the server is compromised I'll have to generate a new onion. The good news is there are [plans to support offline v3 onion service keys](https://gitlab.torproject.org/tpo/core/tor/-/issues/29054 "prop224: Implement offline keys for v3 onion services") in [Arti](https://tpo.pages.torproject.net/core/arti/), a project to implement Tor in Rust. As soon as that's implemented, I'll move my onion key offline as well.

### Reducing Housekeeping

* Created a [changelog](https://git.nicholasjohnson.ch/hugo-theme-journal/about/CHANGELOG.md "Hugo Journal Theme Changelog") for [this journal's Hugo theme](https://git.nicholasjohnson.ch/hugo-theme-journal "Hugo Journal Theme"). Before, I was documenting the changes in [update entries](/tags/journal-updates/ "Journal Updates"), which wasn't a good place for them and created extra housekeeping.
* Put my retired DKIM private keys into a [separate Git repo](https://git.nicholasjohnson.ch/dkim-privates "My DKIM Private Keys"). Previously they were stored/referenced in this journal's [about page](/about/ "About Page"), which created extra housekeeping.

### Goodbye Email

* Removed email from [about page](/about/ "About Page"), leaving SimpleX as my only contact method. This may dissuade some people from reaching out, but I would rather that than people shooting themselves in the foot trying to encrypt emails to me. That had happened several times with both Age and previously PGP.

## Future Plans

* Move Gemini and SimpleX server root certificates offline for compromise recovery
* Get rid of the [promoted page](/promoted/ "Promoted Page")
* Add more [tags](/tags/ "Tags")