---
title: "Journal Update 27: New Onions!"
date: 2024-07-04T00:00:00Z
tags: ['journal updates']
draft: false
---
## Foreword
This entry does not constitute a return to writing. I'm still [taking a step back](/2023/12/09/journal-update-26/ "Journal Update 26: Taking a Step Back") from writing. I'm only writing this entry because I have to make an **important announcement**.
## What's New
If you don't want to read this whole entry, just read the **important announcement** in the first bullet point of the subheading below.
### New Onions And Key Rotation
* Generated new I2P destinations and Tor onions so that my name is consistent everywhere, including the base32 public key prefixes. The new links are on the [about page](/about/ "About Page"). Update your bookmarks accordingly. The old I2P destinations and Tor onions will continue working until I retire them six months from now.
The new I2P destination private keys are kept offline while the online keys are rotated at regular intervals. This provides compromise recovery, i.e., if my server is hacked and the online keys are stolen, the attacker can only control the I2P destination until the keys expire, and I just keep rotating in new online keys according to schedule as if nothing happened.
Tor doesn't yet support offline keys, so if the server is compromised I'll have to generate a new onion. The good news is there are [plans to support offline v3 onion service keys](https://gitlab.torproject.org/tpo/core/tor/-/issues/29054 "prop224: Implement offline keys for v3 onion services") in [Arti](https://tpo.pages.torproject.net/core/arti/), a project to implement Tor in Rust. As soon as that's implemented, I'll move my onion key offline as well.
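A minimal model of the offline-key scheme described above for I2P, added here as an example (it is not code from this journal or from I2P): an offline long-term key signs a short-lived online key, and a client that trusts only the long-term public key rejects the online key once it expires. The `Cert` layout, the function names and the 30-day lifetime are assumptions, simplified from the idea of an offline signature over an expiry time and a transient key.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Cert (hypothetical layout): the offline key vouches for one online key until Expires.
type Cert struct {
	Expires   uint32 // Unix seconds
	OnlineKey ed25519.PublicKey
	Sig       []byte // offline key's signature over Expires || OnlineKey
}

func certBytes(expires uint32, online ed25519.PublicKey) []byte {
	b := []byte{byte(expires >> 24), byte(expires >> 16), byte(expires >> 8), byte(expires)}
	return append(b, online...)
}

// Issue runs on the offline machine; only the Cert and the online private key go to the server.
func Issue(offline ed25519.PrivateKey, online ed25519.PublicKey, expires time.Time) Cert {
	e := uint32(expires.Unix())
	return Cert{Expires: e, OnlineKey: online, Sig: ed25519.Sign(offline, certBytes(e, online))}
}

// Verify is the client side: it trusts only the long-term public key.
func Verify(longTerm ed25519.PublicKey, c Cert, msg, sig []byte, now time.Time) error {
	if len(c.OnlineKey) != ed25519.PublicKeySize || !ed25519.Verify(longTerm, certBytes(c.Expires, c.OnlineKey), c.Sig) {
		return errors.New("online key not authorized by long-term key")
	}
	if now.Unix() >= int64(c.Expires) {
		return errors.New("online key expired")
	}
	if !ed25519.Verify(c.OnlineKey, msg, sig) {
		return errors.New("bad signature")
	}
	return nil
}

func main() {
	longPub, longPriv, _ := ed25519.GenerateKey(nil)
	onPub, onPriv, _ := ed25519.GenerateKey(nil) // the key an intruder could steal
	t0, msg := time.Unix(1720051200, 0), []byte("constructed message")
	c := Issue(longPriv, onPub, t0.Add(30*24*time.Hour))
	sig := ed25519.Sign(onPriv, msg)
	fmt.Println("inside window:", Verify(longPub, c, msg, sig, t0))
	fmt.Println("after expiry:", Verify(longPub, c, msg, sig, t0.Add(31*24*time.Hour)))
}
```

A stolen online key cannot extend its own lifetime, because a new or altered `Cert` needs a signature from the offline key.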
### Reducing Housekeeping
* Created a [changelog](https://git.nicholasjohnson.ch/hugo-theme-journal/about/CHANGELOG.md "Hugo Journal Theme Changelog") for [this journal's Hugo theme](https://git.nicholasjohnson.ch/hugo-theme-journal "Hugo Journal Theme"). Before, I was documenting the changes in [update entries](/tags/journal-updates/ "Journal Updates"), which wasn't a good place for them and created extra housekeeping.
* Put my retired DKIM private keys into a [separate Git repo](https://git.nicholasjohnson.ch/dkim-privates "My DKIM Private Keys"). Previously they were stored/referenced in this journal's [about page](/about/ "About Page"), which created extra housekeeping.
### Goodbye Email
* Removed email from the [about page](/about/ "About Page"), leaving SimpleX as my only contact method. This may dissuade some people from reaching out, but I would rather that than people shooting themselves in the foot trying to encrypt emails to me. That had happened several times with both Age and previously PGP.
## Future Plans
* Move Gemini and SimpleX server root certificates offline for compromise recovery
* Get rid of the promoted page
* Add more [tags](/tags/ "Tags")