I bought my own physical server, and colocated it in a room in a datacenter I have 24/7 access to.
Also, I was not talking about KVM at any time?
Maybe read my e-mail before replying, please.
FDE on exits ON KVMs is discouraged because if the host has to reboot, your VM will be stuck at boot.
However, most big organizations running Tor nodes have either their own colocated servers like me (except I am not a big contributor) or dedicated servers giving you more options.
I even have an intrusion (case-opening) sensor on my server which wipes RAM and kills power once activated.
-GH
On Sunday, October 6th, 2024 at 7:35 PM, boldsuck via tor-relays tor-relays@lists.torproject.org wrote:
On Saturday, 5 October 2024 00:40 George Hartley via tor-relays wrote:
You should default to full disk / partition encryption.
Apart from that, FDE is not recommended, especially for Tor exits. What is the point of a 24/7/365 running cloud or KVM server that the admins can copy at any time? If you want to secure a Cloud or KVM Tor server, you can use offline ed25519 identity keys.
On Friday, October 4th, 2024 at 11:51 PM, Osservatorio Nessuno via tor-relays tor-relays@lists.torproject.org wrote:
While we could, I would think it is not a great security practice to migrate keys that were on an old, non-updated provider cluster when building a new node elsewhere. That would double the risk of someone else having the secret keys (old provider, new provider instead of just the new provider).
You are absolutely right. I didn't even think about it because I almost only have dedicated servers. You will soon have it even better with the Rack @home. :-) When you have everything ready, I would be happy to see server/rack pictures and which CPUs you are using.
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!