Re: SSL Keys + Identity of a Tor server

[Roger Dingledine <arma@xxxxxxx>]

On Tue, Jun 03, 2008 at 03:45:07PM -0400, dante wrote:
> 1) Do I need the secret_onion_key also?  It appears to be regenerated
> occasionally so I assuming it doesn't matter for the identity of the
> node.  I'm not sure what its function is which is what lead me to the
> original post.

You don't need to keep it. It gets rotated every week or so. Its function
is to be the encryption key that clients use when establishing a circuit
through you and making a session key. It is separate from the identity
key because it is good security practice to have different keys for
different roles. (That turns out to have been a smart move in light of
this particular security problem, even. :)

> 2) Is preserving the Nickname and the secret_id_key sufficient, as per
> the FAQ?  In particular, if the IP address changes, does it matter?

nickname and secret_id_key are all it takes. IP address can change.

> 1) I'm thinking of moving my tor relay server to another IP address.

Sounds fine. Some relays get a new IP address every night automatically.

> 2) This server was an ubuntu box and was affected by the debian openssl
> flaw.  It used to be flagged as "Named" in the listing, but ever since I
> regenerated the keys, it has remained unamed.

Yep. It will stay that way for several months until the old name<->key
binding expires.

> 3) I'm working on a (new) release of a ramdisk-only tor server (I posted
> about it before), but this time, I want to make sure that on reboots, it
> preserve all the necessary files to maintain the node's ID.

Fun.

--Roger