[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] T-shirts and Confirming Relay Control

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] T-shirts and Confirming Relay Control
From: Tom van der Woerdt <info@xxxxxxx>
Date: Sun, 03 May 2015 15:31:01 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 03 May 2015 18:31:29 -0400
In-reply-to: <20150503214753.GF17362@localhost>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <20150503174439.GA17287@localhost> <alpine.LRH.2.02.1505031141460.25717@xxxxxxxxxxxxxxx> <20150503202054.GC17362@localhost> <20150503214753.GF17362@localhost>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0

Matthew Finkel schreef op 03/05/15 om 14:47:

On Sun, May 03, 2015 at 08:20:54PM +0000, Matthew Finkel wrote:

On Sun, May 03, 2015 at 12:05:49PM -0700, Aaron Hopkins wrote:

On Sun, 3 May 2015, Matthew Finkel wrote:

Assuming the path to their data dir is /var/lib/tor, we ask them to run:


Please don't get in the habit of asking relay operators through e-mail to
run complex bash command lines as root.  As a security practice, this is
terrible.  (How do you know the suggested command wasn't altered before it
reached its recipient?)


Yes, this is terrible, and I really hate the idea of asking it. I signed
all my emails for the t-shirt requests, but now we're relying on
everyone fetching my key and verifying the mail - so, that's also a bad
assumption. I don't have a good solution. This is why I'm asking.


What if we add the commands to the t-shirt[0] website? Again, this isn't
a great solution, but we already have documentation which requires
running commands with elevated privileges on there, and it's slightly
better than sending it in an email. These commands are still more
complex than I'd like, but if beside providing an executable or
verifiable shell script, I'm running low on solutions.

[0] https://www.torproject.org/getinvolved/tshirt

Thanks,
Matt


Hi Matt,

How about :

 * Primarily using ContactInfo for the verification

* If you cannot match the ContactInfo, ask people to set it on theirrelays* If they are unwilling/unable to do so, ask them to sign their mailaddress using their secret Tor key

 * Implement a --sign option for Tor 0.2.7
 * Starting a year from now, just ask everyone to sign the request

Proving ownership of a Tor relay can be relevant for more applicationsthan just Weather, so a simple --sign option can be good to have. Thatdoesn't address the immediate concerns though, it's more of a long-termsolution.

Tom

Attachment: smime.p7s
Description: S/MIME-cryptografische ondertekening

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] T-shirts and Confirming Relay Control
  - From: Matthew Finkel

References:
- [tor-relays] T-shirts and Confirming Relay Control
  - From: Matthew Finkel
- Re: [tor-relays] T-shirts and Confirming Relay Control
  - From: Aaron Hopkins
- Re: [tor-relays] T-shirts and Confirming Relay Control
  - From: Matthew Finkel
- Re: [tor-relays] T-shirts and Confirming Relay Control
  - From: Matthew Finkel

Prev by Author: Re: [tor-relays] tor network "loses" ~50 relays/day due to bw auth problem
Next by Author: Re: [tor-relays] Leaseweb exit relay notice
Previous by thread: Re: [tor-relays] T-shirts and Confirming Relay Control
Next by thread: Re: [tor-relays] T-shirts and Confirming Relay Control
Index(es):
- Author
- Thread