[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Security implications of disabling onion key rotation?

To: Roger Dingledine <arma@xxxxxxxxxxxxxx>, tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] Security implications of disabling onion key rotation?
From: David Fifield <david@xxxxxxxxxxxxxxx>
Date: Wed, 24 May 2023 18:54:16 -0600
Cc: Linus Nordberg <linus@xxxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 24 May 2023 20:54:36 -0400
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bamsoftware.com; s=mail; h=Content-Type:MIME-Version:Message-ID:Subject:Cc: To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=LH5lWqpudUMwN+gvLXKwDD5NJg5coCnHc/HGCN0gE0Q=; b=s4fGwHfB5/8p/bSQjO2NtA4Ke8 izFxD+zyYY0U32faA2D8v07ERoVBYZIgfckMKp5RcS/upiD22+p7GzpoySD6XE8gt0PMcij6drBcF Y0zI7pmQwTQ5A6movLQeL08xWmHr4Wh++E5H/BFIWFNZrpA/ytWpjDhjJ65lqPr4Z43I=;
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Mail-followup-to: Roger Dingledine <arma@xxxxxxxxxxxxxx>, tor-relays@xxxxxxxxxxxxxxxxxxxx, Linus Nordberg <linus@xxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Linus Nordberg and I have had a paper accepted to FOCI 2023 on the
special pluggable transports configuration used on the Snowflake
bridges. That design was first hashed out on this mailing list last
year.
https://forum.torproject.net/t/tor-relays-how-to-reduce-tor-cpu-load-on-a-single-bridge/1483/11
https://github.com/net4people/bbs/issues/103
https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Survival%20Guides/Snowflake%20Bridge%20Installation%20Guide

There is a draft of the paper here:
https://www.bamsoftware.com/papers/pt-bridge-hiperf/pt-bridge-hiperf.20230307.pdf
https://www.bamsoftware.com/papers/pt-bridge-hiperf/pt-bridge-hiperf.20230307.tex

A question that more than one reviewer asked is, what are the security
implications of disabling onion key rotation as we do? (Section 3.2 in
the draft.) It's a good question and one we'd like to address in the
final draft.

What are the risks of not rotating onion keys? My understanding is that
rotation is meant to enhance forward security; i.e., limit how far back
in time past recorded connections can be attacked in the case of key
compromise. https://spec.torproject.org/tor-design Section 4 says:
	Short-term keys are rotated periodically and independently, to
	limit the impact of key compromise.
Do the considerations differ when using ntor keys versus TAP keys?
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Prev by Author: [tor-relays] mulitply ipv6 bridge lines for a single bridge
Next by Author: [tor-relays] MyFamily
Previous by thread: Re: [tor-relays] Tor Relay Operator Meetup - April 15th, 2023 at 19 UTC
Next by thread: [tor-relays] ContactInfo semantics
Index(es):
- Author
- Thread