[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image





2018-03-03 10:27 GMT+00:00 Moritz Bartl <moritz@xxxxxxxxxxxxxx>:
>
> On 03.03.2018 07:11, Roger Dingledine wrote:
> > Apparently the link from my blog post, to
> > https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines
> > no longer has any mention pro or con disk encryption. I wonder if that
> > was intentionally removed by the torservers.net folks (maybe they have
> > even changed their mind on the advice?), or if it just fell out because
> > it's a wiki.
>
> I added the recommendation for "no disk encryption" back then, and it
> wasn't me who removed it.
>
> My own opinion has changed slightly: My general advice would still be to
> not do disk encryption, to reduce the amount of hassle and allow easier
> 'audits'. For additional protection, you better move the relay keys to a
> RAM disk.
>
> However, in our case, we don't really care how long they keep the
> machines for analysis, and we do not reuse hardware that was seized (it
> goes back into the provider pool, so some other customer might be in for
> a surprise...). In that case, a relay operator may decide to use disk
> encryption for integrity reasons: They at least have to ask you for the
> decryption key and cannot silently copy content or easily manipulate the
> file system.
>
> --
> Moritz Bartl
> https://www.torservers.net/

cool. thank you all for your words+thoughts+considerations.
very appreciated!


--
Vinícius Zavam
keybase.io/egypcio/key.asc
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays