Re: Thandy attacks / suggestions

On Sun, Dec 07, 2008 at 08:14:42PM -0500, Roger Dingledine wrote:
> A2) Add another layer of indirection, so there's a timestampsigning key
> that signs the timestamp key. That timestampsigning key is listed in
> the key file, and it's kept offline. Whoever controls it still generates
> a new timestamp every month, but now all the master keys don't need to
> be bothered.

It occurs to me that an easier variation of this is to keep the
timestamp key on a very secure computer that's separate from the main
repository. Then it generates a new timestamp file periodically and
scp's it over to the main repository.

That way the timestamp key doesn't have to be stored on the same computer
that runs a big complex webserver.

In this day and age of "run a different VM for each task", that's not a
crazy notion.

--Roger
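The separation Roger describes only pays off if clients notice when the offline timestamp host stops producing fresh files (a stalled cron job, a broken scp) or when a mirror serves an old one. As an added example that is not Thandy's own code, and assuming a simplified JSON timestamp document rather than Thandy's real format, this shows the builder run on the offline host and the client-side freshness, rollback and metadata-hash checks; verifying the signature with the timestamp public key is assumed to happen before `check_timestamp` is called.

```python
import hashlib
import json
import time

# Constructed sample: the metadata file the timestamp vouches for
# (stands in for Thandy's mirror/key file; contents are made up).
SAMPLE_META = b'{"mirrors": ["https://updates.example/"], "version": 3}'


def make_timestamp(meta_bytes, version, now, lifetime_days=30):
    """Run on the offline timestamp host (hypothetical format): describe
    the current metadata file and give the statement a short lifetime so
    a stalled signing job is noticed by clients instead of tolerated."""
    return {
        "role": "timestamp",
        "version": version,
        "generated": int(now),
        "expires": int(now) + lifetime_days * 86400,
        "meta_sha256": hashlib.sha256(meta_bytes).hexdigest(),
    }


def check_timestamp(ts, meta_bytes, last_seen_version, now):
    """Client side, after the signature on ts has been verified with the
    timestamp public key. Returns (ok, reason)."""
    if ts.get("role") != "timestamp":
        return False, "wrong role"
    if now > ts["expires"]:
        return False, "expired: signing host has not refreshed it"
    if ts["generated"] > now + 600:
        return False, "generated in the future"
    if ts["version"] < last_seen_version:
        return False, "rollback: older than a version already seen"
    if hashlib.sha256(meta_bytes).hexdigest() != ts["meta_sha256"]:
        return False, "metadata file does not match timestamp"
    return True, "ok"


if __name__ == "__main__":
    t0 = 1228700000  # constructed epoch, December 2008
    ts = make_timestamp(SAMPLE_META, version=7, now=t0)
    print(json.dumps(ts))
    print(check_timestamp(ts, SAMPLE_META, 7, t0 + 86400))        # fresh
    print(check_timestamp(ts, SAMPLE_META, 7, t0 + 40 * 86400))   # expired
    print(check_timestamp(ts, SAMPLE_META, 8, int(time.time())))  # rollback
```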