
Re: [tor-relays] Multiple fingerprints for same IP:Port combo



> On 22 Jun 2016, at 21:43, simon <komsat@xxxxxxxxxxxxxxxxxxx> wrote:
> 
> Hi,
> 
> Is it possible to have multiple Tor-nodes (with different keypair and
> fingerprint) at the same IP-Port combination? Or does that not work with
> the Directory implementation?

In general, no, because it violates the relay authenticity guarantee that the process you're talking to owns the private keys corresponding to the fingerprint in the consensus.

Tor will warn pretty loudly if it gets a key with a different fingerprint from the one in the consensus.

> The idea would be to have nodes under an anycast IP, because the anycast
> network has a lot of unused capacity.

It would be great to think about how anycast could work with Tor, but I suspect we've baked in a lot of assumptions about IP addresses into the Tor code, and even the Tor security design.

> Another possibility is to replicate the same node and re-use the same
> keypair in multiple physical locations for the same anycast IP, but I'm
> not sure this is a good idea.

It would make the keys more vulnerable, and it also interferes with Tor's canonical connection code.
(And likely other code that assumes 1 key = 1 IPv4.)

Tim

> 
> Simon
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B
ricochet:ekmygaiu4rzgsk6n
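To make the authenticity check Tim describes concrete, here is a small added example (not code from this thread, and not Tor's own implementation). It models the consensus as a list of relay entries, derives a fingerprint from an identity key the way Tor does for its RSA identity keys (SHA-1 over the DER-encoded key, rendered as uppercase hex), and compares what a relay presents on connection against the fingerprint the consensus lists for it. The "keys" and the consensus entry are constructed byte strings and placeholder values, not real RSA keys or real relays.

```python
import hashlib
from typing import List, NamedTuple, Tuple


class ConsensusEntry(NamedTuple):
    """One relay as listed in the consensus (constructed for this example)."""
    nickname: str
    address: str
    or_port: int
    fingerprint: str  # 40 uppercase hex characters


def fingerprint_of(identity_key_der: bytes) -> str:
    # Tor derives a relay's fingerprint as the SHA-1 digest of the
    # DER-encoded RSA identity public key, printed as uppercase hex.
    return hashlib.sha1(identity_key_der).hexdigest().upper()


# Constructed stand-ins for two distinct DER-encoded identity keys.
# They are plain byte strings here; real keys would be ASN.1 DER blobs.
KEY_A = b"CONSTRUCTED-IDENTITY-KEY-A"
KEY_B = b"CONSTRUCTED-IDENTITY-KEY-B"

# The consensus has exactly one entry for this address:port, bound to KEY_A.
CONSENSUS: List[ConsensusEntry] = [
    ConsensusEntry("ExampleRelay", "198.51.100.7", 9001, fingerprint_of(KEY_A)),
]


def entries_at(address: str, or_port: int) -> List[ConsensusEntry]:
    """All consensus entries claiming a given address:port."""
    return [e for e in CONSENSUS if e.address == address and e.or_port == or_port]


def verify_identity(entry: ConsensusEntry, presented_key_der: bytes) -> Tuple[bool, str]:
    """Compare the identity key a relay presents on connection with the
    fingerprint the client expected from the consensus entry it chose.
    Returns (ok, message); a mismatch is what makes Tor warn loudly."""
    presented = fingerprint_of(presented_key_der)
    if presented != entry.fingerprint:
        return (
            False,
            "identity mismatch for %s:%d (%s): consensus lists %s..., "
            "relay presented %s..."
            % (entry.address, entry.or_port, entry.nickname,
               entry.fingerprint[:8], presented[:8]),
        )
    return True, "identity matches consensus fingerprint %s..." % presented[:8]


def anycast_backends_accepted(entry: ConsensusEntry, backend_keys: List[bytes]) -> List[bool]:
    """Model the anycast question from the thread: several physical backends
    answer on one address:port, each with its own keypair. Only backends whose
    key hashes to the consensus fingerprint pass the client's check."""
    return [verify_identity(entry, key)[0] for key in backend_keys]


if __name__ == "__main__":
    entry = entries_at("198.51.100.7", 9001)[0]
    for key in (KEY_A, KEY_B):
        ok, msg = verify_identity(entry, key)
        print("OK  " if ok else "WARN", msg)
    # With two backends behind one anycast address, the KEY_B backend fails.
    print(anycast_backends_accepted(entry, [KEY_A, KEY_B]))
```

The point the model makes is that the client picks a consensus entry by fingerprint and then checks the presented key against that one expected value, so a second relay answering on the same IP:Port with a different keypair can never satisfy the check, whichever backend the routing happens to deliver the connection to.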



