mirrors
/
tailscale
mirror of https://github.com/tailscale/tailscale.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
tailscale/tka
History
Anton Tolchanov fd6686d81a tka: truncate long rotation signature chains 
When a rotation signature chain reaches a certain size, remove the
oldest rotation signature from the chain before wrapping it in a new
rotation signature.

Since all previous rotation signatures are signed by the same wrapping
pubkey (node's own tailnet lock key), the node can re-construct the
chain, re-signing previous rotation signatures. This will satisfy the
existing certificate validation logic.

Updates #13185

Signed-off-by: Anton Tolchanov <anton@tailscale.com>
 		2024-09-04 22:17:21 +01:00
..
aum.go
aum_test.go
builder.go
builder_test.go
chaintest_test.go all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
deeplink.go
deeplink_test.go
key.go
key_test.go
scenario_test.go
sig.go tka: truncate long rotation signature chains 2024-09-04 22:17:21 +01:00
sig_test.go tka: truncate long rotation signature chains 2024-09-04 22:17:21 +01:00
state.go
state_test.go
sync.go all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
sync_test.go
tailchonk.go all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
tailchonk_test.go
tka.go ipn/ipnlocal: discard node keys that have been rotated out 2024-06-03 10:56:09 +01:00
tka_clone.go cmd/tl-longchain: tool to re-sign nodes with long rotation signatures 2024-08-21 18:22:22 +01:00
tka_test.go