
[tor-relays] pinning relay keys to IPs (or not)




[split from 'Giving away some "pre-warmed" relay keys for adoption']

> I'm of the opinion that it may be worth adding code to pin relay 
> identities to IP addresses on the DirAuth side so that consensus 
> weight and flag assignment gets totally reset if the ORPort IP 
> changes, but if there's too much churn already it may cause more 
> trouble than it's worth.

I hope such code will not be added, because it renders relays on dynamic
IPs basically useless.
In the past ~week alone there were >1000 fingerprints (<3% cw fraction)
using more than one IP address (in that timeframe).


> I'm somewhat torn on the whole key pinning thing, because I think
> an individual operator moving their relay around is sort of ok
> (though in an ideal world the consensus weight should get reset and
> rapidly re-measured), but giving away the private component of a
> relay's identity key is putting users at risk, and is behavior that
> should be discouraged if not outright prohibited if possible (and
> key pinning would be a heavy handed way to rule out this sort of 
> stupidity).
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
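
The churn figure cited in the reply (fingerprints seen on more than one IP address, and their share of consensus weight) is something an operator can measure from archived consensuses before judging the cost of pinning. The sketch below is an added example, not code from the original post or from the Tor Project, and not necessarily how the poster obtained the numbers; the consensus excerpts, identities and function names are constructed for illustration, and full ("ns" flavor) `r`/`w` status lines are assumed.

```python
from collections import defaultdict

# Constructed identities and digest (27-char unpadded base64); not real relays.
ID1, ID2, ID3 = "A" * 27, "B" * 27, "C" * 27
DIGEST = "D" * 27

def _entry(nick, ident, ip, bw):
    """Build one constructed router status entry (r, s and w lines)."""
    return (f"r {nick} {ident} {DIGEST} 2000-01-01 00:00:00 {ip} 9001 0\n"
            f"s Fast Running Valid\nw Bandwidth={bw}\n")

# Two constructed consensus excerpts: relay "one" changes its ORPort IP.
CONSENSUS_1 = (_entry("one", ID1, "192.0.2.10", 300)
               + _entry("two", ID2, "198.51.100.5", 9000)
               + _entry("three", ID3, "203.0.113.7", 700))
CONSENSUS_2 = (_entry("one", ID1, "192.0.2.77", 300)
               + _entry("two", ID2, "198.51.100.5", 9000)
               + _entry("three", ID3, "203.0.113.7", 700))

def parse_consensus(text):
    """Return {identity: (ip, bandwidth)} from the r and w lines."""
    relays, current = {}, None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "r" and len(parts) >= 9:
            # r nickname identity digest date time IP ORPort DirPort
            current = parts[2]
            relays[current] = (parts[6], 0)
        elif parts[0] == "w" and current is not None:
            for kv in parts[1:]:
                if kv.startswith("Bandwidth="):
                    relays[current] = (relays[current][0], int(kv.split("=", 1)[1]))
    return relays

def multi_ip_fraction(consensuses):
    """Identities seen on >1 IP, and their share of the latest weights."""
    ips, latest_bw = defaultdict(set), {}
    for text in consensuses:
        for ident, (ip, bw) in parse_consensus(text).items():
            ips[ident].add(ip)
            latest_bw[ident] = bw
    movers = sorted(i for i, seen in ips.items() if len(seen) > 1)
    total = sum(latest_bw.values())
    frac = sum(latest_bw[i] for i in movers) / total if total else 0.0
    return movers, frac

if __name__ == "__main__":
    print(multi_ip_fraction([CONSENSUS_1, CONSENSUS_2]))
```
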