[Remops] Best practice for implementing new remailer keys
lists at notatla.org.uk
lists at notatla.org.uk
Tue Nov 5 21:43:13 GMT 2013
> Can Mixmaster (my version is 2:3.0.1b) handle having two mix keys, old
> and new, in its key.txt and secring.mix files for the switchover period
> of, say, 14 days?
The key data necessary is in secring.mix (for both/all keys) and the key.txt
is generated from that showing just the new key. After the overlap period
old versions keep the expired key in the file. (It's one of my extensions
to delete the old key data from the file so it can't fall into the hands of
someone wishing to use it to recover old messages.)
As the old key gets within 1 month of expiry mixmaster automatically makes
a new one - in a plan for having 1 at a time except for 1 month overlap.
> And what about my PGP remailer keys? Can Mixmaster also live with two
> pgp keys, old and new? Or is this not doable?
I haven't tried it but I'd imagine provided the passphrases are the same
it should work.
More information about the Remops
mailing list