[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Revoking your secret_id_key

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Revoking your secret_id_key
From: Nick Mathewson <nickm@xxxxxxxxxxxx>
Date: Mon, 3 Oct 2011 19:44:19 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 03 Oct 2011 19:44:34 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; bh=CzpqPMA0z7T0nZF4jGQeo0HLCIKVEqqHGcI37rr06kg=; b=qkfetFKjf5owSsVW1roLVRbCedRL+nVlt0V8xB/I/fYTOlBozVE2xoe8Dg6KkQ9CHK bIj+Nu0Ls+yXbckjNws8Rrp8d1E7pq1vTfqb1BRyrdYrZqK+V27bTPpSA5TmOqWa7dFi myzfKl9KYnL1DoUWZxdQwR0weLt4f/AmCVb9E=
In-reply-to: <4E82F269.9080503@xxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4E82F269.9080503@xxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On Wed, Sep 28, 2011 at 6:09 AM, Anthony G. Basile
<basile@xxxxxxxxxxxxxxxxxx> wrote:
> Hi everyone,
>
> Is there a way of revoking your tor relay's secret_id_key?  For
> instance, suppose your server is compromised and you want to tell the
> world, don't trust this node anymore as a relay and/or exit, how would
> you do that?  The question occurred to me as I working with gpg.

The authorities can block nodes from appearing in the directory if you
convince them to do so.  One way to do that with cryptography is:

  * Make sure that your Contact line includes a GPG key fingerprint
for a key that you control.
  * If you need your node taken out of the directories, send out an
announcement saying so, signed with that GPG key.

Though in practice, people have gotten their nodes de-listed by just
sending out an unsigned announcement to the effect and convincing
everybody that they were really them.  There is probably an attack
opportunity there.

It might be worthwhile to add a feature where each Tor server
generates a signed "permanent shutdown notice" at the same time it
generates its key, and to suggest to node operators that they keep a
copy of that notice someplace secure so that they can circulate it as
needed if they need to prove that they are saying this node has been
compromised.  It'd probably need a design proposal.  I'm not sure how
much of a win it is over the GPG solution above: it saves some steps,
but still requires you to make preparations in advance.

yrs,
-- 
Nick
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Revoking your secret_id_key
  - From: Julian Yon

Prev by Author: Re: [tor-talk] Tor as a sort of "library/dependancy" for third party software
Next by Author: Re: [tor-talk] Best Tool to connect to my Private TOR Network
Previous by thread: Re: [tor-talk] Using `msmtp` and etc. with post servers under hidden services (resolved)
Next by thread: Re: [tor-talk] Revoking your secret_id_key
Index(es):
- Author
- Thread