On 03/25/2014 04:29 AM, Sebastian Hahn wrote:
>
> On 24 Mar 2014, at 20:21, tor-admin <tor-admin@xxxxxxxxxx> wrote:
>
>> There are a couple of sysctl parameters that Moritz described here:
>> https://www.torservers.net/wiki/setup/server#sysctlconf
>
> That website has at least one glaringly dangerous suggestion, namely
>
> apt-key adv --recv-keys --keyserver keys.gnupg.net 886DDD89
>
> The issue is that the key which is to be fetched from a public, untrusted
> keyserver using an unauthenticated protocol is not being verified at
> all. This immediately compromises the entire box in case someone is
> messing with your upstream traffic.
>
> It would seem advisable to review the remainder of the advice there, and
> also fix the above problem.
>
> Cheers
> Sebastian

A couple of thoughts on this: one could use hkps as transport, as
suggested here [1].

Mind that hkps will provide encryption while fetching the key, thus
anyone observing your traffic will not be able to know which key you did
fetch. What is more, if you want gpg to work with hkps you will probably
have to trust the certificate of the hkps keyserver.

_But_ you should not rely on hkps or the server to fetch the right key.
What's the point of web of trust and digital signatures and stuff in the
end, if you just rely on a single (perhaps central) point?

The correct way, I think, is to know a priori the correct fingerprint of
the public key you want to fetch. That is, you somehow have to know that
Tor's Debian repository signing key is the one with fingerprint
A3C4 F0F9 79CA A22C DBA8 F512 EE8C BC9E 886D DD89.
Or somehow build a trust path to it, for example if you trust one of the
persons who have signed it. [2]

I hope more people will give some input on this conversation though,
cause it's an important detail. Also I might miss something.

Cheers,
Alex

[1] https://we.riseup.net/debian/openpgp-best-practices#consider-making-your-default-keyserver-use-a-keyse
[2] http://keys.mayfirst.org/pks/lookup?op=vindex&search=0x886DDD89&fingerprint=on
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
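
The fingerprint check described in the message above, as an added example that is not part of the original thread: the key is fetched into a throwaway keyring, its full fingerprint is compared with the pinned one, and only a match is exported. The function names, the `fv_` variables and the two sample listings are assumptions constructed for illustration; the fingerprint is the one quoted in the message.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Fingerprint quoted in the message above; spaces are stripped before use.
PINNED_FPR="A3C4 F0F9 79CA A22C DBA8 F512 EE8C BC9E 886D DD89"

normalize_fpr() {   # strip whitespace, upper-case
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons` output on stdin. Succeed only if the listing holds
# exactly one primary key and the "fpr" record that follows its "pub" record
# (fingerprint is field 10) equals the pinned value. Subkey "fpr" records
# are ignored because they follow a "sub" record, not a "pub" record.
check_colons() {
    awk -F: -v want="$(normalize_fpr "$1")" '
        $1 == "pub"            { pubs++; primary = 1; next }
        $1 == "fpr" && primary { if (toupper($10) == want) hits++; primary = 0 }
        END                    { exit !(pubs == 1 && hits == 1) }'
}

# Hypothetical helper: fetch into a throwaway keyring, verify, then export.
# Usage: fetch_verified KEYSERVER "FINGERPRINT" OUTFILE
fetch_verified() {
    fv_fpr=$(normalize_fpr "$2")
    fv_home=$(mktemp -d) || return 1
    if gpg --homedir "$fv_home" --batch --keyserver "$1" --recv-keys "$fv_fpr" &&
       gpg --homedir "$fv_home" --batch --with-colons --fingerprint |
           check_colons "$fv_fpr" &&
       gpg --homedir "$fv_home" --batch --export "$fv_fpr" > "$3"
    then fv_rc=0
    else fv_rc=1
    fi
    rm -rf "$fv_home"
    return "$fv_rc"
}

# Constructed listings (not real gpg output) used to exercise check_colons.
sample_good() {
    printf '%s\n' 'pub:-:::EE8CBC9E886DDD89:::::::' \
                  'fpr:::::::::A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89:'
}
sample_wrong() {   # same short ID 886DDD89, different (made-up) fingerprint
    printf '%s\n' 'pub:-:::DEADBEEF886DDD89:::::::' \
                  'fpr:::::::::DEADBEEFDEADBEEFDEADBEEFDEADBEEF886DDD89:'
}
```

The exported file is what would then be handed to apt; `sample_wrong` shows that a key matching only the eight-digit ID from the quoted `apt-key` command is rejected.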