

📆 July 4, 2024 | ⏱️ 2 minute read | 🏷️ journal updates


Journal Update 27: New Onions!



Foreword


This entry does not constitute a return to writing. I'm still taking a step back¹ from writing. I'm only writing this entry because I have to make an important announcement.


What's New


If you don't want to read this whole entry, just read the important announcement in the first bullet point of the subheading below.


New Onions And Key Rotation


  • Generated new I2P destinations and Tor onions so that my name is consistent everywhere, including the base32 public key prefixes. The new links are on the about page². Update your bookmarks accordingly. The old I2P destinations and Tor onions will continue working until I retire them six months from now.


The new I2P destination private keys are kept offline while the online keys are rotated at regular intervals. This provides compromise recovery, i.e., if my server is hacked and the online keys are stolen, the attacker can only control the I2P destination until the keys expire, and I just keep rotating in new online keys according to schedule as if nothing happened.
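
The delegation idea described above, as an added example that is not part of the original entry or of any I2P code: a simplified model (not the I2P wire format) in which an offline identity key signs an online key together with an expiry time, and a client accepts the online key only while that signature is valid and unexpired. The names Cert, Delegate, Verify and signedBytes, the fixed seeds and the timestamps are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Cert is a simplified delegation record (hypothetical, not the I2P wire format).
type Cert struct {
	OnlinePub ed25519.PublicKey
	Expires   uint32 // Unix seconds
	Sig       []byte // signature by the offline identity key
}

// signedBytes is the data covered by the offline key's signature.
func signedBytes(expires uint32, onlinePub ed25519.PublicKey) []byte {
	buf := make([]byte, 4, 4+len(onlinePub))
	binary.BigEndian.PutUint32(buf, expires)
	return append(buf, onlinePub...)
}

// Delegate runs on the offline machine; only the Cert and the online
// private key are copied to the server.
func Delegate(offline ed25519.PrivateKey, onlinePub ed25519.PublicKey, expires uint32) Cert {
	return Cert{onlinePub, expires, ed25519.Sign(offline, signedBytes(expires, onlinePub))}
}

// Verify is the client-side check: msg must be signed by an online key
// that the pinned identity key vouched for and that has not expired.
func Verify(identity ed25519.PublicKey, c Cert, msg, msgSig []byte, now uint32) bool {
	if now >= c.Expires {
		return false // a stolen online key stops being accepted here
	}
	if len(c.OnlinePub) != ed25519.PublicKeySize ||
		!ed25519.Verify(identity, signedBytes(c.Expires, c.OnlinePub), c.Sig) {
		return false // online key or expiry not authorised by the offline key
	}
	return ed25519.Verify(c.OnlinePub, msg, msgSig)
}

func main() {
	// Constructed keys from fixed seeds, for a repeatable demo only.
	offline := ed25519.NewKeyFromSeed(make([]byte, 32))
	online := ed25519.NewKeyFromSeed(append(make([]byte, 31), 1))
	id, pub := offline.Public().(ed25519.PublicKey), online.Public().(ed25519.PublicKey)
	cert, msg := Delegate(offline, pub, 2000), []byte("lease set")
	sig := ed25519.Sign(online, msg)
	fmt.Println(Verify(id, cert, msg, sig, 1000), Verify(id, cert, msg, sig, 2000))
}
```

Because the expiry is inside the signed data, someone holding only the online key cannot extend it or issue a replacement delegation.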

Tor doesn't yet support offline keys, so if the server is compromised I'll have to generate a new onion. The good news is there are plans to support offline v3 onion service keys³ in Arti⁴, a project to implement Tor in Rust. As soon as that's implemented, I'll move my onion key offline as well.


Reducing Housekeeping


  • Created a changelog⁵ for this journal's Hugo theme⁶. Before, I was documenting the changes in update entries⁷, which wasn't a good place for them and created extra housekeeping.
  • Put my retired DKIM private keys into a separate Git repo⁸. Previously they were stored/referenced in this journal's about page⁹, which created extra housekeeping.



Goodbye Email


  • Removed email from about page¹⁰, leaving SimpleX as my only contact method. This may dissuade some people from reaching out, but I would rather that than people shooting themselves in the foot trying to encrypt emails to me. That had happened several times with both Age and previously PGP.



Future Plans


  • Move Gemini and SimpleX server root certificates offline for compromise recovery
  • Get rid of the promoted page
  • Add more tags¹¹



References


🔗 [1]: Journal Update 26: Taking a Step Back
🔗 [2]: About Page
🔗 [3]: prop224: Implement offline keys for v3 onion services (https://gitlab.torproject.org)
🔗 [4]: Arti (https://tpo.pages.torproject.net)
🔗 [5]: Hugo Journal Theme Changelog (https://git.nicholasjohnson.ch)
🔗 [6]: Hugo Journal Theme (https://git.nicholasjohnson.ch)
🔗 [7]: Journal Updates
🔗 [8]: My DKIM Private Keys (https://git.nicholasjohnson.ch)
🔗 [9]: About Page
🔗 [10]: About Page
🔗 [11]: Tags



Copyright © 2020-2024 Nicholas Johnson. CC BY-SA 4.0.

Original URL: gemini://nicksphere.ch/2024/07/04/journal-update-27/