[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Exit relay seized by police

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Exit relay seized by police
From: Tim Wilson-Brown - teor <teor2345@xxxxxxxxx>
Date: Tue, 10 Nov 2015 23:06:50 +1100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 10 Nov 2015 07:07:17 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:message-id :references:to; bh=71Fo16MsGFPicaGF9nPugdzaf0ASFSpud9rV7VGhSi8=; b=VmTQkODoJm0Lnw3YqSADnOC4kADHdqVVCqnbXWGwABjynPDqcO8tSThYCz5502yO80 9njeC8EsMl06tQ8Y13ZGaIxWscu1j6669UIpS5jVk2d1a4sJ7Ivzc3CCUYRO4Bpccb/Z ra3JJyCfBHi9yjQQANdz7OQjG7XjhVvVo2nqSFkdJnMmHeCZDjPyZaEjQLnIkr7v97q3 KZhCIYbrh6Ba382rVSy6zNQil/CMQambjDsE3t/J/iIZADYdM7nUUkUt27+3du/IDZ9N M5GhRbOmwkHuPEmQjm5uBur+AsJl85A46XwU3/hSuIixUsj8Mf8NSeXHnsGidHSqYTp1 IogA==
In-reply-to: <20151110030328.GA8887@xxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <6A1A7197064.00000712beatthebastards@xxxxxxxxx> <563D0B17.4010306@xxxxxxxxxxx> <563D0B74.8030001@xxxxxxxxxxx> <A42181D5-B443-4750-8657-1F14DC39CA84@xxxxxxxxx> <56413A3B.4090109@xxxxxxxxxxxxxx> <6B405BED-D4E1-4997-8E73-A07A232DBB73@xxxxxxxxx> <56413CF3.4080809@xxxxxxxxxxxxxx> <20151110030328.GA8887@xxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On 10 Nov 2015, at 14:03, Sean Greenslade <sean@xxxxxxxxxxxxxxxxxx> wrote:

On Tue, Nov 10, 2015 at 12:40:19AM +0000, Tim Sammut wrote:
I meant is it possible for a relay operator to detect if a snapshot of a
running VM or VPS has been taken? Asked slightly differently, if I have
a relay running as a VPS or VM, can I somehow detect if my provider took
a snapshot of the relay without informing me?

Probably not. With most VM solutions, storage is pretty well abstracted
from the virtual guests. I know that with Xen and OpenVZ, the typical
way storage is provided (loopbacks) gives no way for the guest to see
what the hypervisor is doing to the data. Furthermore, if the data is on
a SAN, there's even more ways that the data can be snooped at without
informing the guest of such activities.

You could use an encrypted disk partition for key storage, but that only protects the keys "at rest", and not in memory.

There is also ongoing development work on offline ed25519 master identity keys.

The master key need never be stored on the server itself.

Instead, it is used to certify a number of medium-term signing keys, and those keys are then sent to the server.

An operator can limit the scope of compromise to the number of signing keys on the server.

An operator can transmit the next signing key just before the previous one expires, limiting the scope of compromise to a single signing key.

There is also work on key revocation, where a key can be cancelled in the event of compromise.

See https://trac.torproject.org/projects/tor/ticket/13642 for more details.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- Re: [tor-relays] Exit relay seized by police
  - From: I
- Re: [tor-relays] Exit relay seized by police
  - From: Josef Stautner
- Re: [tor-relays] Exit relay seized by police
  - From: Josef Stautner
- Re: [tor-relays] Exit relay seized by police
  - From: Tim Wilson-Brown - teor
- Re: [tor-relays] Exit relay seized by police
  - From: Tim Sammut
- Re: [tor-relays] Exit relay seized by police
  - From: Tim Wilson-Brown - teor
- Re: [tor-relays] Exit relay seized by police
  - From: Tim Sammut
- Re: [tor-relays] Exit relay seized by police
  - From: Sean Greenslade

Prev by Author: Re: [tor-relays] TorFlow
Next by Author: Re: [tor-relays] TorFlow
Previous by thread: Re: [tor-relays] Exit relay seized by police
Next by thread: [tor-relays] VPS/dedi paid with bitcoin for exit node anyone?
Index(es):
- Author
- Thread