[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)



>> I don't know any context or background but if you fear this could happen
>> to you again, I recommend to use tor's OfflineMasterKey feature (without
>> copying the master key to the server) with a short keylifetime (i.e. 7
>> days), especially if it is a fallback dir
>> (which requires a tor source code change to remove it).
> 
> Thanks for this feature, I don't know it !

If you want to use it you likely want to automate that especially with a
keylifetime of < 30days
because copying around files manually every week is no fun.
ansible-relayor does that out of the box for you ;)
https://github.com/nusenu/ansible-relayor

>> Could you also confirm the relay fingerprints (in addition to the
>> nicknames)?
> 
> kitten1 86E78DD3720C78DA8673182EF96C54B162CD660C
> kitten2 2EBD117806EE43C3CC885A8F1E4DC60F207E7D3E

thanks for the fingerprints.

Did you shutdown kitten3/4 (yoda.imirhil.fr)
3F5D8A879C58961BB45A3D26AC41B543B40236D6
6FB38EB22E57EF7ED5EF00238F6A48E553735D88

yourself? (last seen Monday 2017-05-15 11:00) or did Online SAS cancel
this second VPS after the first one got seized?

thanks,
nusenu

-- 
https://mastodon.social/@nusenu
https://twitter.com/nusenu_

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays