[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Disk encryption for relays [was: FreeBSD 11.1 ZFS Tor Image]

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Disk encryption for relays [was: FreeBSD 11.1 ZFS Tor Image]
From: nusenu <nusenu-lists@xxxxxxxxxx>
Date: Sat, 03 Mar 2018 10:17:00 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 03 Mar 2018 05:17:37 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1520072237; bh=ttNUKbtIVJgrRcNL2lftekcwB8jzxNLwcc0X0iSvoNc=; h=Subject:To:References:From:Date:In-Reply-To:From; b=lvtZ4KmPUYS6N4QF1DOH2ARB1V9nxQDrd7JMafZ5m0OEAwDDcTHZcC9HPS2IC33se Z0eNVkvEZKWPmppEGtXrIpR7QkoGtzfHhlLQHGrVEQzD6tigueDXWHpQDZif/GZBCM 0MtZhxkrBK40OvdOc4ELwC/UOA5bOBos27ckHuWw=
In-reply-to: <20180303061112.GA23414@moria.seul.org>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <1778362.rEQJjLh0zu@beastie> <5312289.WsplOlsAN8@beastie> <CA+Kr6DNcfzsPLKgVagO0dZKG43x-r3i7nHN7tAzbFz5EmJtuOw@mail.gmail.com> <2637682.RtWIbDzEy2@beastie> <6Irs9eY2GLorfQlTH6s6JaxbkjKactQ8VqcvPNd_QycYfZR1iA6G9cTVD5_06M7DXc27m4a88FDC__I-47E-Cv2Aobj7WcKLVAicSviORAc=@protonmail.com> <20180303061112.GA23414@moria.seul.org>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>


Roger Dingledine:
> Capturing the on-disk keys from a relay will let them impersonate the
> relay in the future

To limit possibility to impersonate a relay in the future, operators can run in OfflineMasterKey mode
with a short SigningKeyLifetime (i.e. 5 days) and push key material via SSH to the relay. 
This will limit the ability of an attacker to impersonate the relays to 5 days in the worst case,
iff the attacker does not also compromise the host storing the Ed25519 master keys.

And if you actually want to do it: ansible-relayor does it by default (with 30 days SigningKeyLifetime).

-- 
https://mastodon.social/@nusenu
twitter: @nusenu_

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] Disk encryption for relays [was: FreeBSD 11.1 ZFS Tor Image]
  - From: Roger Dingledine

Prev by Author: Re: [tor-relays] tor-instance-create vs. /etc/tor/torrc
Next by Author: Re: [tor-relays] Relay node requirements
Previous by thread: [tor-relays] Disk encryption for relays [was: FreeBSD 11.1 ZFS Tor Image]
Next by thread: Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image
Index(es):
- Author
- Thread