Re: [tor-relays] T-shirts and Confirming Relay Control

Subject: Re: [tor-relays] T-shirts and Confirming Relay Control

From: Geo Rift <tim.cochrane.laptop@xxxxxxxxx>

Date: Tue, 5 May 2015 18:53:30 +0800

Delivery-date: Tue, 05 May 2015 06:53:42 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=8WFJLyjjabBwP7nICBNsyBFjrxG1EZR+WlR3h6QiR8w=; b=Z83UOT3fRoHA7PFkXR6GHAa5geuZKv9p6DQUKi5ZuADERb1XJir3LszLpJl40HOs0u bQTihvkseAYFY/zxoXy4iyDy/Irg/s0+OddTXbIDnt2U9AMsBu40L+w181uBVE0mIflB GSIXyckCeN0hUcumQT2PAcc/wS7vUq+HNv5QTF4iTLqVbmvFujQ/36IE2K7+foDZ/0yH Zs/YOwiJ7JcIhJlo2ixbCe8VRKs9TbDzSTUHPxcuKSEVH+b7i1mhgT5prHQ4cz8aKYjr BpK2Kimfkm4cG4qmCIqrwYSUAP6GhZcyT50dIPmPrAYuEZWPkNrLLGSok3fvQHEcDzzj H0YA==

In-reply-to: <d1f0c7b59a8b3f5e90cfe017de930214@xxxxx>

List-archive: <http://lists.torproject.org/pipermail/tor-relays/>

List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>

List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>

List-post: <mailto:tor-relays@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>

References: <20150503174439.GA17287@localhost> <d1f0c7b59a8b3f5e90cfe017de930214@xxxxx>

Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

AVee,

Would it not be possible for me to specify the ExitNode in my torrc and then do the wget to prove my "ownership"?
I haven't tried to specify a single node before so I'm not sure if it'd work.

Thanks,
Tim

-----BEGIN PGP SIGNATURE-----
Version: Mailvelope v0.13.1
Comment: https://www.mailvelope.com

wsFcBAEBCAAQBQJVSKElCRC8Tq5FO2jmKgAA4hMP/3nPoz/ygyRrtpzWxYQT
S6+EN5A3DlPHX/fWgSHVdtaZKatb/OBfH4db6anvf1T1t7yhA8u1YxTKSLxA
TOB0Bk3n5BC6H0dCBusAMLcGBb/r/navz5ficu2N8/mP7Yvee2zMuTMPmWML
awWw1pgh90cHQbMYvs0k5/DsByxzdfRPzkSL5i1jrKNyiEaDNZTDMo0dm2cf
dkyiW/Qr1HueO8qkVTzzeGthCVN+saUmhfWIKnQfs1nMG64Hrh+8S7oMEmoK
efHJT6bAPn0fWr9STiqV19xKmAPuYAOSSHMOdRiI8CAS/bfPMZQvOjHwmKBm
Tp0AqKrVequEQDiKeuQOinEksdMVMPi8C1ifCL70GM4T5QOyK2CzbSuWmi8e
fr2D/mN5fSKVcITgud29FxQKYjP8rmxYcCBBTF9m4/W/XdN9eXrOjHko0HEK
4dGMmzdf6/Wx9+kgS3n9pcOabSd742FUwb2ZqIRXsxpcg0S8mJc3vU5OVTsC
VurtbRQVycIbfOvDtqogbUpPGLe3D/Z0nkqjHuoP746SKFnNeB6rVu9b4Zdh
HDclgMy9L2q2nuOS1KvOfDgoEYa0A/tfRDG4qahaovrn/ayonAvwtnUgtgkK
HMdyh83msC72l3apxAMqCh6sZfijuxjIOTUQBicbHemrLyf1KVrK7RJ/6U4h
phH0
=ZXd3
-----END PGP SIGNATURE-----

On 5 May 2015 at 17:58, AVee <d6relay@xxxxx> wrote:

On 2015-05-03 19:44, Matthew Finkel wrote:

Hi Ops,

[...]

For this case, we need an authentication mechanism which
proves control of the relay but is something relay operators won't mind
running.

My currently plan is to ask relay operators to sign the fingerprint file
which tor creates. The major disadvantage of this method is that it must
be run as root (or a user with access to tor's data directory).

If you are willing to lower the bar for 'proof' a bit I'd ask them to fetch a confirmation url send to them from the connection their node runs on. Spoofing an IP address for a TCP connection isn't trivial and seems rather a lot of effort for just a t-shirt. So it at least proofs access to the connection the node is running on. That could be a simple unprivileged wget one-liner.

It leaves room for some abuse, but does raise the bar quite a bit.

If you do want to use the tor key couldn't you use it as a key for ssl client authentication? That would allow for further automation and you could be build into tor in the future.

AVee

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays