tailscale/tka
Anton Tolchanov fd6686d81a tka: truncate long rotation signature chains
When a rotation signature chain reaches a certain size, remove the
oldest rotation signature from the chain before wrapping it in a new
rotation signature.

Since all previous rotation signatures are signed by the same wrapping
pubkey (node's own tailnet lock key), the node can re-construct the
chain, re-signing previous rotation signatures. This will satisfy the
existing certificate validation logic.

Updates #13185

Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2024-09-04 22:17:21 +01:00
aum.go all: use new AppendEncode methods available in Go 1.22 (#11079) 2024-02-08 17:55:03 -08:00
aum_test.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
builder.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
builder_test.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
chaintest_test.go all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
deeplink.go tka: add function for generating signing deeplinks (#8385) 2023-06-20 09:36:37 -07:00
deeplink_test.go tka: add function for generating signing deeplinks (#8385) 2023-06-20 09:36:37 -07:00
key.go tka: guard against key-length panics when verifying signatures 2023-07-19 15:33:01 -05:00
key_test.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
scenario_test.go all: cleanup unused code, part 1 (#10661) 2023-12-20 14:50:30 -08:00
sig.go tka: truncate long rotation signature chains 2024-09-04 22:17:21 +01:00
sig_test.go tka: truncate long rotation signature chains 2024-09-04 22:17:21 +01:00
state.go tka: clarify field comment 2023-11-27 18:35:33 -05:00
state_test.go various: add golangci-lint, fix issues (#7905) 2023-04-17 18:38:24 -04:00
sync.go all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
sync_test.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
tailchonk.go all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
tailchonk_test.go tka: fix go vet complaint on copy of lock value in tailchonk_test.go (#8208) 2023-05-25 13:34:13 -07:00
tka.go ipn/ipnlocal: discard node keys that have been rotated out 2024-06-03 10:56:09 +01:00
tka_clone.go cmd/tl-longchain: tool to re-sign nodes with long rotation signatures 2024-08-21 18:22:22 +01:00
tka_test.go all: implement lock revoke-keys command 2023-08-01 15:37:55 -05:00