[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] upcoming directory authority changes

To: tor-relays@xxxxxxxxxxxxxxxxxxxx, Roger Dingledine <arma@xxxxxxxxxxxxxx>
Subject: Re: [tor-relays] upcoming directory authority changes
From: Tim Kuijsten via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, 8 Dec 2022 17:59:14 +0100
Cc: Tim Kuijsten <info@xxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 09 Dec 2022 02:53:18 -0500
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=torproject.org; s=2022-eugeni; t=1670572393; i=@torproject.org; bh=OX9ABwouCB8g7mwDN1ryjLFI4/VT5s/KxPuOV4LBtR8=; h=Date:To:References:In-Reply-To:Subject:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=YKlVbUm2KyWvK+/QiydNYn66870qrMA5cwBcXLgtaIPsD0dVz1lBxjcdv+iMr8k3s dj3hPJYT0MxntQkN8bELZxpQ97EaLdj0jlSXNSQax8Bg6KiRvUkjNOAR57rVJfk9Yh OSVLyLqBDqg+rt8uWipINlzeyvy4FEn4X+NmQwMguODtjDUDXaCYmZxZec+YdgaHga 3WffRqLnVvhoq/lGUOD/ROX9oK4TdCEKkqcSOew603bCASjIfYNU2lweNpeBtvozoz oHxnt+2ay2R7+MpQzctkNVR+A/gXIJ1yQHM7+Imq/Vhz6X3IMMYRHXrX+w1bNEn4sb K7Y5NaKbfm1Qg==
In-reply-to: <Y4+NqRsXgjhJKgor@nogrod.csail.mit.edu>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Organization: Netsend
References: <Y4+NqRsXgjhJKgor@nogrod.csail.mit.edu>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2

(2) Rotate to fresh identity keys for moria1, the directory authority
that I run. In early November 2022 there was a remote break-in to the
computer running moria1. Based on the evidence and the type of attack,
I believe it was a standard automated attack -- that is, I think they
weren't targeting the directory authority and also they never realized it
*was* a directory authority. But to be extra safe, we decided to rotate
to a fresh set of keys. I was also in the middle of a planned move to
better hardware, so overall it was good timing for a fresh new start.

Thanks for sharing. I'm curious about the suspected standard automatedattack, can you share any details about it? Was it against the directoryserver code or against another service?

* Directory authority keys already have a notion of an offline long-term
identity with shorter-lifetime online keys that expire periodically,
with the goal of limiting the future impact of a compromise. But it seems
like this role separation never quite matches up well to the security
issues that arise in practice, whereas it definitely adds complexity
both to the design and to operation. This piece of the design could use
some new ideas.

I'd like to learn more about these security issues in practice. I canimagine physical security is a big part of it. Do you maybe have somespecific pointers for me to look for?

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] upcoming directory authority changes
  - From: Roger Dingledine

Prev by Author: [tor-relays] upcoming directory authority changes
Next by Author: Re: [tor-relays] cannot keep my bridge up
Previous by thread: Re: [tor-relays] upcoming directory authority changes
Next by thread: Re: [tor-relays] How to reduce tor CPU load on a single bridge?
Index(es):
- Author
- Thread