On Mon, 30 Aug 2010 11:09:07 +0200 Karsten Loesing <karsten.loesing@xxxxxxx> wrote: > c) Steven proposes to i) encrypt logs to a public key (or rather to a > symmetric session key which is encrypted to a public key) and ii) to > reduce IP address hashes in those logs to 40 bits. That means he's > referring to problem 1) above. I think that i) is a good approach to > move sensitive logs from an Internet host to a more secure place to run > the evaluation on. I could imagine implementing this to be a general Tor > feature, so that people who need verbose logs for debugging can encrypt > them on their server and evaluate them on a safe machine. Log encryption doesn't need to be a new feature in Tor. Tell Tor to log to a file that just happens to be a Unix FIFO, and have an encryption tool designed for the task read from the pipe and write to a real file. > I'm slightly > concerned that this could encourage people to log more than they need. Using a pipe and a separate encryption tool has the advantage of being rather more difficult (and annoying) to set up than adding one new line to torrc. You can also glue on a chain of external log-sanitizing filters (invocations of grep/sed, perhaps?) before the log is encrypted that way. Robert Ransom
Attachment:
signature.asc
Description: PGP signature