💾 Archived View for nicholasjohnson.ch › 2024 › 07 › 04 › journal-update-27 › index.gmi captured on 2024-07-09 at 00:18:00. Gemini links have been rewritten to link to archived content

-=-=-=-=-=-=-

 _  _ _    _        _              _     _                      
| \| (_)__| |_  ___| |__ _ ___  _ | |___| |_  _ _  ___ ___ _ _  
| .` | / _| ' \/ _ \ / _` (_-< | || / _ \ ' \| ' \(_-</ _ \ ' \ 
|_|\_|_\__|_||_\___/_\__,_/__/  \__/\___/_||_|_||_/__/\___/_||_|

🔗 Return to homepage

📆 July 4, 2024 | ⏱️ 2 minute read | 🏷️ journal updates

Journal Update 27: New Onions!

Foreword

This entry does not constitute a return to writing. I'm still taking a step back¹ from writing. I'm only writing this entry because I have to make an important announcement.

What's New

If you don't want to read this whole entry, just read the important announcement in the first bullet point of the subheading below.

New Onions And Key Rotation

Generated new I2P destinations and Tor onions so that my name is consistent everywhere, including the base32 public key prefixes. The new links are on the about page². Update your bookmarks accordingly. The old I2P destinations and Tor onions will continue working until I retire them six months from now.

The new I2P destination private keys are kept offline while the online keys are rotated at regular intervals. This provides compromise recovery. I.e: If my server is hacked and the online keys are stolen, the attacker can only control the I2P destination until the keys expire, and I just keep rotating in new online keys according to schedule as if nothing happened.

Tor doesn't yet support offline keys, so if the server is compromised I'll have to generate a new onion. The good news is there are plans to support offline v3 onion service keys³ in Arti⁴, a project to implement Tor in Rust. As soon as that's implemented, I'll move my onion key offline as well.

Reducing Housekeeping

Created a changelog⁵ for this journal's Hugo theme⁶. Before, I was documenting the changes in update entries⁷, which wasn't a good place for them and created extra housekeeping.
Put my retired DKIM private keys into a separate Git repo⁸. Previously they were stored/referenced in this journal's about page⁹, which created extra housekeeping.

Goodbye Email

Removed email from about page¹⁰, leaving SimpleX as my only contact method. This may dissuade some people from reaching out, but I would rather that than people shooting themselves in the foot trying to encrypt emails to me. That had happened several times with both Age and previously PGP.

Future Plans

Move Gemini and SimpleX server root certificates offline for compromise recovery
Get rid of the promoted page¹¹
Add more tags¹²

References

🔗 [1]: Journal Update 26: Taking a Step Back

🔗 [2]: About Page

🔗 [3]: prop224: Implement offline keys for v3 onion services

🔗 [4]: Arti

🔗 [5]: Hugo Journal Theme Changelog

🔗 [6]: Hugo Journal Theme

🔗 [7]: Journal Updates

🔗 [8]: My DKIM Private Keys

🔗 [9]: About Page

🔗 [10]: About Page

🔗 [11]: Promoted Page

🔗 [12]: Tags