On 16 Nov 2015, at 04:51, nusenu nusenu@openmailbox.org wrote:
Is the offline master key limited to ed25519 keys and useless
while using ed25519 + RSA keys at the same time? (because the RSA key is not offline?)
Hmmm. Probably yes. Until the transition (until we remove RSA identities permanently), only the ed25519 key will be protected; the RSA key will have to be online. Even in this case, directory authorities remember relays by their ed25519 + RSA pair of identities. If just one of them changes, that relay will be rejected.
Ok, so I guess the only reason to use offline master keys now is to not have to start from scratch once RSA keys are deprecated for real.
A compromised relay's RSA key can't be used to run another relay without the corresponding offline ed25519 key. (I am assuming that an RSA key with a missing ed25519 key is treated the same as an RSA key with a different ed25519 key: the authorities reject the relay with the missing ed25519 key from the consensus.)
This is a good reason to use offline ed25519 master keys, which doesn't rely on RSA keys being deprecated/removed.
Tim (teor)