[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5563 [Tor Relay]: Better support for ephemeral relay identity keys



#5563: Better support for ephemeral relay identity keys
-------------------------+--------------------------------------------------
 Reporter:  mikeperry    |          Owner:       
     Type:  enhancement  |         Status:  new  
 Priority:  normal       |      Milestone:       
Component:  Tor Relay    |        Version:       
 Keywords:               |         Parent:  #5456
   Points:               |   Actualpoints:       
-------------------------+--------------------------------------------------

Comment(by mikeperry):

 arma: I don't think so. I think I'm actually most concerned about our TLS
 keys, which I believe are rotated daily. But this rotation doesn't help if
 you assume an active adversary operating upstream from you. Can't they
 just take whatever keys you create and toss them away and re-sign new ones
 they control, using the identity key?

 nickm: I don't think relays have as much need for persistent identity as
 the dirauths do. At worst, if your OS crashes, you spend a few days being
 remeasured by the bandwidth auths... Also, personally I wouldn't want to
 deal with the hassle of creating a revocation statement and issuing a new
 "relay" key every time my box rebooted. I can barely keep up with rotating
 the things manually right now every reboot, hence the ramdisk suggestion
 to make it automatic.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5563#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs