Merge proposal 136 into dir-spec.txt. We need to get better about doing this.

svn:r17528

doc/spec/dir-spec.txt

@@ -909,6 +909,18 @@ $Id$
         server's administrator.  Administrators should include at least an
         email address and a PGP fingerprint.
 
+    "legacy-key" SP FINGERPRINT NL
+
+        [At most once]
+
+        Lists a fingerprint for an obsolete _identity_ key still used
+        by this authority to keep older clients working.  This option
+        is used to keep key around for a little while in case the
+        authorities need to migrate many identity keys at once.
+        (Generally, this would only happen because of a security
+        vulnerability that affected multiple authorities, like the
+        Debian OpenSSL RNG bug of May 2008.)
+
    The authority section of a consensus contains groups the following items,
    in the order given, with one group for each authority that contributed to
    the consensus, with groups sorted by authority identity digest:
@@ -1176,7 +1188,12 @@ $Id$
      The authority item groups (dir-source, contact, fingerprint,
      vote-digest) are taken from the votes of the voting
      authorities. These groups are sorted by the digests of the
-     authorities identity keys, in ascending order.
+     authorities identity keys, in ascending order.  If the consensus
+     method is 3 or later, a dir-source line must be included for
+     every vote with legacy-key entry, using the legacy-key's
+     fingerprint, the voter's ordinary nickname with the string
+     "-legacy" appended, and all other fields as from the original
+     vote's dir-source line.
 
      A router status entry:
         * is included in the result if some router status entry with the same

doc/spec/proposals/000-index.txt

@@ -58,7 +58,7 @@ Proposals by number:
 133  Incorporate Unreachable ORs into the Tor Network [DRAFT]
 134  More robust consensus voting with diverse authority sets [ACCEPTED]
 135  Simplify Configuration of Private Tor Networks [FINISHED]
-136  Mass authority migration with legacy keys [FINISHED]
+136  Mass authority migration with legacy keys [CLOSED]
 137  Keep controllers informed as Tor bootstraps [CLOSED]
 138  Remove routers that are not Running from consensus documents [CLOSED]
 139  Download consensus documents only when it will be trusted [CLOSED]
@@ -121,7 +121,6 @@ Proposals by status:
    111  Prioritizing local traffic over relayed traffic
    128  Families of private bridges
    135  Simplify Configuration of Private Tor Networks
-   136  Mass authority migration with legacy keys
  CLOSED:
    101  Voting on the Tor Directory System
    102  Dropping "opt" from the directory format
@@ -140,6 +139,7 @@ Proposals by status:
    126  Getting GeoIP data and publishing usage summaries
    129  Block Insecure Protocols by Default
    130  Version 2 Tor connection protocol
+   136  Mass authority migration with legacy keys
    137  Keep controllers informed as Tor bootstraps
    138  Remove routers that are not Running from consensus documents
    139  Download consensus documents only when it will be trusted

doc/spec/proposals/136-legacy-keys.txt

@@ -2,7 +2,7 @@ Filename: 136-legacy-keys.txt
 Title: Mass authority migration with legacy keys
 Author: Nick Mathewson
 Created: 13-May-2008
-Status: Finished
+Status: Closed
 Implemented-In: 0.2.0.x
 
 Overview: