[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] upcoming directory authority changes



(2) Rotate to fresh identity keys for moria1, the directory authority
that I run. In early November 2022 there was a remote break-in to the
computer running moria1. Based on the evidence and the type of attack,
I believe it was a standard automated attack -- that is, I think they
weren't targeting the directory authority and also they never realized it
*was* a directory authority. But to be extra safe, we decided to rotate
to a fresh set of keys. I was also in the middle of a planned move to
better hardware, so overall it was good timing for a fresh new start.

Thanks for sharing. I'm curious about the suspected standard automated attack, can you share any details about it? Was it against the directory server code or against another service?

* Directory authority keys already have a notion of an offline long-term
identity with shorter-lifetime online keys that expire periodically,
with the goal of limiting the future impact of a compromise. But it seems
like this role separation never quite matches up well to the security
issues that arise in practice, whereas it definitely adds complexity
both to the design and to operation. This piece of the design could use
some new ideas.

I'd like to learn more about these security issues in practice. I can imagine physical security is a big part of it. Do you maybe have some specific pointers for me to look for?
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays