diff --git a/history.txt b/history.txt
index ab376a4a9b..3dd700a2ff 100644
--- a/history.txt
+++ b/history.txt
@@ -1,3 +1,10 @@
+2015-08-29 zzz
+ * Router:
+ - Change default RI sig type to Ed25519, with a 10% chance od
+ rekeying from DSA at each restart
+ - Don't initialize KeyManager before selecting sig type
+ - Don't log KeyManager error when changing sig type
+
 2015-08-25 zzz
 * i2psnark:
 - Return partial piece to coordinator after reject
@@ -7,6 +14,7 @@
 will be requested again, but not from the same peer
 - Fix NPE in Request constructor on error
 - Fix stuck before completion due to reject handling (ticket #1633)
+ - Fix orphaned temp files due to reject handling (ticket #1635)
 2015-08-02 zzz
 * Console: Fix SSL excluded ciphers (thx lazyg)
diff --git a/router/java/src/net/i2p/router/KeyManager.java b/router/java/src/net/i2p/router/KeyManager.java
index 2807e8fe7f..3317b92903 100644
--- a/router/java/src/net/i2p/router/KeyManager.java
+++ b/router/java/src/net/i2p/router/KeyManager.java
@@ -60,6 +60,11 @@ public class KeyManager {
 _leaseSetKeys = new ConcurrentHashMap();
 }
+ /**
+ * Read keys in from disk, blocking
+ *
+ * @deprecated we never read keys in anymore
+ */
 public void startup() {
 // run inline so keys are loaded immediately
 (new SynchronizeKeysJob()).runJob();
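Review bot: The Javadoc added above `startup()` in KeyManager carries an `@deprecated` tag, but the method gets no `@Deprecated` annotation, so the compiler will not warn any remaining caller; add `@Deprecated` on the line before `public void startup()`. The tag text says only that keys are never read in anymore; it would help to name what callers should rely on instead, which from the getter Javadoc in this commit appears to be `setKeys()`. The body of startup() continues outside the hunk.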
@@ -79,17 +84,29 @@ public class KeyManager {
 queueWrite();
 }
- /** router */
- public PrivateKey getPrivateKey() { return _privateKey; }
+ /**
+ * Router key
+ * @return will be null on error or before startup() or setKeys() is called
+ */
+ public synchronized PrivateKey getPrivateKey() { return _privateKey; }
- /** router */
- public PublicKey getPublicKey() { return _publicKey; }
+ /**
+ * Router key
+ * @return will be null on error or before startup() or setKeys() is called
+ */
+ public synchronized PublicKey getPublicKey() { return _publicKey; }
- /** router */
- public SigningPrivateKey getSigningPrivateKey() { return _signingPrivateKey; }
+ /**
+ * Router key
+ * @return will be null on error or before startup() or setKeys() is called
+ */
+ public synchronized SigningPrivateKey getSigningPrivateKey() { return _signingPrivateKey; }
- /** router */
- public SigningPublicKey getSigningPublicKey() { return _signingPublicKey; }
+ /**
+ * Router key
+ * @return will be null on error or before startup() or setKeys() is called
+ */
+ public synchronized SigningPublicKey getSigningPublicKey() { return _signingPublicKey; }
 /** client */
 public void registerKeys(Destination dest, SigningPrivateKey leaseRevocationPrivateKey, PrivateKey endpointDecryptionKey) {
@@ -216,6 +233,11 @@ public class KeyManager {
 _signingPublicKey = (SigningPublicKey) readin;
 }
+ /**
+ * @param param non-null, filled-in if exists is true, or without data if exists is false
+ * @param exists write to file if true, read from file if false
+ * @return structure or null on read error
+ */
 private DataStructure syncKey(File keyFile, DataStructure structure, boolean exists) {
 OutputStream out = null;
 InputStream in = null;
diff --git a/router/java/src/net/i2p/router/Router.java b/router/java/src/net/i2p/router/Router.java
index bb7e5068d4..c6cc76f685 100644
--- a/router/java/src/net/i2p/router/Router.java
+++ b/router/java/src/net/i2p/router/Router.java
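Review bot: Making the four router-key getters `synchronized` only gives readers a consistent view if every write to `_privateKey`, `_publicKey`, `_signingPrivateKey` and `_signingPublicKey` holds the same monitor. The assignment `_signingPublicKey = (SigningPublicKey) readin;` shown as context in the next hunk sits in a method whose declaration is outside the diff, so that needs confirming. Each getter also takes the lock on its own, so a caller that fetches the encryption key and then the signing key can still observe halves of two identities across a `setKeys()` call. Because the new Javadoc says null is returned before `startup()` or `setKeys()`, and this commit removes the `startup()` call from Router, callers that sign or decrypt with the result need a null check. A field comment such as `// guarded by this; written only in setKeys() and the sync job` would record the locking rule once it has been checked.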
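Review bot: The Javadoc added on `syncKey` documents `@param param`, but the method's parameters are `keyFile`, `structure` and `exists`, so the tag matches nothing and Javadoc tooling will flag it. It should read `@param structure non-null, filled-in if exists is true, or without data if exists is false`, with an added `@param keyFile` line. The statement that `exists` selects write versus read cannot be checked from here, because the body of syncKey continues outside the hunk.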
@@ -577,8 +577,6 @@ public class Router implements RouterClock.ClockShiftListener {
 if (!SystemVersion.isAndroid())
 I2PThread.addOOMEventListener(_oomListener);
- _context.keyManager().startup();
-
 setupHandlers();
 //if (ALLOW_DYNAMIC_KEYS) {
 // if ("true".equalsIgnoreCase(_context.getProperty(Router.PROP_HIDDEN, "false")))
diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java
index 282c18b422..0725033fa6 100644
--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@@ -18,7 +18,7 @@ public class RouterVersion {
 /** deprecated */
 public final static String ID = "Monotone";
 public final static String VERSION = CoreVersion.VERSION;
- public final static long BUILD = 2;
+ public final static long BUILD = 3;
 /** for example "-test" */
 public final static String EXTRA = "";
diff --git a/router/java/src/net/i2p/router/startup/CreateRouterInfoJob.java b/router/java/src/net/i2p/router/startup/CreateRouterInfoJob.java
index 03076cb1e8..7c18f63334 100644
--- a/router/java/src/net/i2p/router/startup/CreateRouterInfoJob.java
+++ b/router/java/src/net/i2p/router/startup/CreateRouterInfoJob.java
@@ -35,6 +35,7 @@ import net.i2p.router.RouterContext;
 import net.i2p.router.util.EventLog;
 import net.i2p.util.Log;
 import net.i2p.util.SecureFileOutputStream;
+import net.i2p.util.SystemVersion;
 /**
 * Warning - misnamed. This creates a new RouterIdentity, i.e.
@@ -49,9 +50,10 @@ public class CreateRouterInfoJob extends JobImpl {
 public static final String INFO_FILENAME = "router.info";
 public static final String KEYS_FILENAME = "router.keys";
 public static final String KEYS2_FILENAME = "router.keys.dat";
- private static final String PROP_ROUTER_SIGTYPE = "router.sigType";
- /** TODO when changing, check isAvailable() and fallback to DSA_SHA1 */
- private static final SigType DEFAULT_SIGTYPE = SigType.DSA_SHA1;
+ static final String PROP_ROUTER_SIGTYPE = "router.sigType";
+ /** TODO make everybody Ed */
+ private static final SigType DEFAULT_SIGTYPE = (SystemVersion.isARM() || SystemVersion.isAndroid()) ?
+ SigType.DSA_SHA1 : SigType.EdDSA_SHA512_Ed25519;
 CreateRouterInfoJob(RouterContext ctx, Job next) {
 super(ctx);
@@ -166,7 +168,7 @@ public class CreateRouterInfoJob extends JobImpl {
 * @since 0.9.16
 */
 public static SigType getSigTypeConfig(RouterContext ctx) {
- SigType cstype = CreateRouterInfoJob.DEFAULT_SIGTYPE;
+ SigType cstype = DEFAULT_SIGTYPE;
 String sstype = ctx.getProperty(PROP_ROUTER_SIGTYPE);
 if (sstype != null) {
 SigType ntype = SigType.parseSigType(sstype);
diff --git a/router/java/src/net/i2p/router/startup/LoadRouterInfoJob.java b/router/java/src/net/i2p/router/startup/LoadRouterInfoJob.java
index 27d0269606..eebd0f02be 100644
--- a/router/java/src/net/i2p/router/startup/LoadRouterInfoJob.java
+++ b/router/java/src/net/i2p/router/startup/LoadRouterInfoJob.java
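Review bot: The removed TODO asked for an `isAvailable()` check with a fallback to DSA_SHA1 when the default changes, and the new `DEFAULT_SIGTYPE` initializer selects `SigType.EdDSA_SHA512_Ed25519` on every non-ARM, non-Android platform without one. Unless availability is verified elsewhere (getSigTypeConfig continues past the lines shown in the next hunk), a runtime that lacks the algorithm would be given a default it cannot sign with; the non-ARM branch could read `SigType.EdDSA_SHA512_Ed25519.isAvailable() ? SigType.EdDSA_SHA512_Ed25519 : SigType.DSA_SHA1`. The replacement comment `/** TODO make everybody Ed */` also gives no reason why ARM and Android stay on DSA, which a short why-comment would cover.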
@@ -110,6 +110,16 @@ class LoadRouterInfoJob extends JobImpl {
 // check if the sigtype config changed
 SigType cstype = CreateRouterInfoJob.getSigTypeConfig(getContext());
 boolean sigTypeChanged = stype != cstype;
+ if (sigTypeChanged && getContext().getProperty(CreateRouterInfoJob.PROP_ROUTER_SIGTYPE) == null) {
+ // Not explicitly configured, and default has changed
+ // Give a 10% chance of rekeying for each restart
+ // TODO reduce from 10 to ~3 (i.e. increase probability) in future release
+ if (getContext().random().nextInt(10) > 0) {
+ sigTypeChanged = false;
+ if (_log.shouldWarn())
+ _log.warn("Deferring RI rekey from " + stype + " to " + cstype);
+ }
+ }
 if (sigTypeChanged || shouldRebuild(privkey)) {
 if (sigTypeChanged)
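Review bot: The literal in `nextInt(10) > 0` decides how often a router replaces its identity keys, and the same number is repeated in a comment and a TODO; naming it, e.g. `private static final int REKEY_DEFER_ODDS = 10;`, keeps the planned change to one place. The draw is made again on every restart and nothing is persisted, so a router that restarts often will rekey well before the 10% figure suggests, which the comment should state. The deferral is logged at WARN, but whether the rekey itself is recorded depends on the `if (sigTypeChanged)` branch, whose body is outside the hunk. The comment could also note that an operator who needs to keep the current identity must set `router.sigType` explicitly, since only an unset property reaches this path.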