mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-25 19:15:34 +00:00
01847e0123
A non-signing node can be allowed to re-sign its new node keys following key renewal/rotation (e.g. via `tailscale up --force-reauth`). To be able to do this, node's TLK is written into WrappingPubkey field of the initial SigDirect signature, signed by a signing node. The intended use of this field implies that, for each WrappingPubkey, we typically expect to have at most one active node with a signature tracing back to that key. Multiple valid signatures referring to the same WrappingPubkey can occur if a client's state has been cloned, but it's something we explicitly discourage and don't support: https://tailscale.com/s/clone This change propagates rotation details (wrapping public key, a list of previous node keys that have been rotated out) to netmap processing, and adds tracking of obsolete node keys that, when found, will get filtered out. Updates tailscale/corp#19764 Signed-off-by: Anton Tolchanov <anton@tailscale.com> |
||
|---|---|---|
| .. | ||
| aum_test.go | ||
| aum.go | ||
| builder_test.go | ||
| builder.go | ||
| chaintest_test.go | ||
| deeplink_test.go | ||
| deeplink.go | ||
| key_test.go | ||
| key.go | ||
| scenario_test.go | ||
| sig_test.go | ||
| sig.go | ||
| state_test.go | ||
| state.go | ||
| sync_test.go | ||
| sync.go | ||
| tailchonk_test.go | ||
| tailchonk.go | ||
| tka_test.go | ||
| tka.go | ||