On 03/03/2018 04:27 AM, Moritz Bartl wrote: > On 03.03.2018 07:11, Roger Dingledine wrote: >> Apparently the link from my blog post, to >> https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines >> no longer has any mention pro or con disk encryption. I wonder if that >> was intentionally removed by the torservers.net folks (maybe they have >> even changed their mind on the advice?), or if it just fell out because >> it's a wiki. > I added the recommendation for "no disk encryption" back then, and it > wasn't me who removed it. > > My own opinion has changed slightly: My general advice would still be to > not do disk encryption, to reduce the amount of hassle and allow easier > 'audits'. For additional protection, you better move the relay keys to a > RAM disk. > > However, in our case, we don't really care how long they keep the > machines for analysis, and we do not reuse hardware that was seized (it > goes back into the provider pool, so some other customer might be in for > a surprise...). In that case, a relay operator may decide to use disk > encryption for integrity reasons: They at least have to ask you for the > decryption key and cannot silently copy content or easily manipulate the > file system. > Personally, I think entire disk encryption just to protect the keys is way too much of a hassle. I completely agree with your solution - place the keys in a ramdisk, that's actually a great idea. I'll put that into what I'm building up right now. Regards, Conrad Rockenhaus
Attachment:
0x424F4C61.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays