[freenet-dev] Warning: Deprecation of pre-1010 broken crypto keys

[Matthew Toseland]

The deprecation of old keys has been postponed due to the large quantity of 
old freesites, Thaw indexes etc currently on the network: We don't want to 
lose 70-80% of the current content all at once, this would look very bad to a 
newbie. PLEASE migrate your sites and indexes. Please also migrate your 
favourite unmaintained freesites etc, and indicate which site you are 
migrating on this board or sites so as to avoid duplication of effort (unless 
you are having difficulty fetching it and want somebody else to try).

We *will* however remove support for old keys soon - hopefully within june - 
so please move your content.

On Tuesday 22 May 2007 19:10, Matthew Toseland wrote:
> Unless there are vigorous objections, the next build of Freenet will have
> allowInsecureSSKs set to default to false. What this means is that unless
> you change the option, you cannot access freesites or SSK/USK files
> inserted using insecure crypto, i.e. inserted with keys generated before
> 1010. However, at a network level they will remain, for now, as will CHKs,
> for now.
>
> PLEASE migrate your freesites. If you particularly value a freesite which
> isn't your own, but isn't likely to be updated, migrate it yourself! You
> can always make clear that it's a mirror.
>
> The plan is for the next build (1035) to have allowInsecureSSKs=false, the
> one after it to have allowInsecureCHKs=false, and then for the code and the
> network-level support for insecure keys to be deleted some time later (on a
> scale of months probably). Code which only exists to replicate past
> insecurity for backwards compatibility's sake has no place in Freenet!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://emu.freenetproject.org/pipermail/devl/attachments/20070529/4a202223/attachment.pgp