Journal Update 27: New Onions!
Foreword
This entry does not constitute a return to writing. I’m still taking a step back from writing. I’m only writing this entry because I have to make an important announcement.
What’s New
If you don’t want to read this whole entry, just read the important announcement in the first bullet point of the subheading below.
New Onions And Key Rotation
- Generated new I2P destinations and Tor onions so that my name is consistent everywhere, including the base32 public key prefixes. The new links are on the about page. Update your bookmarks accordingly. The old I2P destinations and Tor onions will continue working until I retire them six months from now.
The new I2P destination private keys are kept offline while the online keys are rotated at regular intervals. This provides compromise recovery. I.e., if my server is hacked and the online keys are stolen, the attacker can only control the I2P destination until the keys expire, and I just keep rotating in new online keys according to schedule as if nothing happened.
Tor doesn’t yet support offline keys, so if the server is compromised I’ll have to generate a new onion. The good news is there are plans to support offline v3 onion service keys in Arti, a project to implement Tor in Rust. As soon as that’s implemented, I’ll move my onion key offline as well.
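The offline/online key arrangement described above for the I2P destinations, as an added example (not this site's configuration or I2P's own code). It is a simplified model of an offline key delegating to an expiring online key; the struct layout, function names, 30-day lifetime and sample values are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
	"time"
)

// Delegation: the offline identity key vouches for a transient online key until Expires.
type Delegation struct {
	Expires   uint32 // Unix seconds
	Transient ed25519.PublicKey
	Sig       []byte // offline key's signature over Expires || Transient
}

func signedBytes(expires uint32, transient ed25519.PublicKey) []byte {
	return append(binary.BigEndian.AppendUint32(nil, expires), transient...)
}

// Delegate runs on the offline machine; only its output goes to the server.
func Delegate(offline ed25519.PrivateKey, transient ed25519.PublicKey, expires time.Time) Delegation {
	e := uint32(expires.Unix())
	return Delegation{Expires: e, Transient: transient, Sig: ed25519.Sign(offline, signedBytes(e, transient))}
}

// Verify (client side): the delegation must chain to the identity and be unexpired.
func Verify(id ed25519.PublicKey, d Delegation, msg, sig []byte, now time.Time) bool {
	return ed25519.Verify(id, signedBytes(d.Expires, d.Transient), d.Sig) &&
		now.Unix() < int64(d.Expires) &&
		ed25519.Verify(d.Transient, msg, sig)
}

// Scenario: the server's online key is stolen. Reports whether it is accepted
// before expiry, after expiry, and after the thief edits the expiry field.
func Scenario() (before, after, extended bool) {
	id, offline, _ := ed25519.GenerateKey(nil) // offline pair never touches the server
	tPub, tPriv, _ := ed25519.GenerateKey(nil) // online pair, assumed stolen
	issued := time.Unix(1700000000, 0)         // constructed timestamp
	d := Delegate(offline, tPub, issued.Add(30*24*time.Hour)) // assumed 30-day lifetime
	msg := []byte("constructed lease set")
	sig := ed25519.Sign(tPriv, msg) // signed with the stolen online key
	before = Verify(id, d, msg, sig, issued.Add(24*time.Hour))
	after = Verify(id, d, msg, sig, issued.Add(31*24*time.Hour))
	d.Expires += 365 * 86400 // expiry changed without the offline key
	extended = Verify(id, d, msg, sig, issued.Add(31*24*time.Hour))
	return
}

func main() { fmt.Println(Scenario()) }
```

The stolen online key is honoured only inside the signed validity window, and extending that window requires a signature from the key that stays offline.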
Reducing Housekeeping
- Created a changelog for this journal’s Hugo theme. Before, I was documenting the changes in update entries, which wasn’t a good place for them and created extra housekeeping.
- Put my retired DKIM private keys into a separate Git repo. Previously they were stored/referenced in this journal’s about page, which created extra housekeeping.
Goodbye Email
- Removed email from about page, leaving SimpleX as my only contact method. This may dissuade some people from reaching out, but I would rather that than people shooting themselves in the foot trying to encrypt emails to me. That had happened several times with both Age and previously PGP.
Future Plans
- Move Gemini and SimpleX server root certificates offline for compromise recovery
- Get rid of the promoted page
- Add more tags