pinning relay keys to IPs (or not)
Perhaps a way to do it is reset the consensus for a relay if its IP address moves to a different Autonomous System. Is rare that dynamic IP causes relays to hop ASs (e.g. possibly SBC/ATT), and list of exceptions could be created for the few cases where it causes trouble. CYMRU has a dynamic service for looking up AS from IP.
On 27 Jul 2015, at 01:30 , starlight.2015q2@binnacle.cx wrote:
Perhaps a way to do it is reset the consensus for a relay if its IP address moves to a different Autonomous System.
Is rare that dynamic IP causes relays to hop ASs (e.g. possibly SBC/ATT), and list of exceptions could be created for the few cases where it causes trouble.
CYMRU has a dynamic service for looking up AS from IP.
What if an entire IP block (or entire AS) moves ASs? What if the external dependency on CYMRU allows the entire Tor Network to be "reset" if CYMRU is hacked/broken/incorrect? Tim Tim Wilson-Brown (teor) teor2345 at gmail dot com pgp ABFED1AC https://gist.github.com/teor2345/d033b8ce0a99adbc89c5 teor at blah dot im OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 teor:
On 27 Jul 2015, at 01:30 , starlight.2015q2@binnacle.cx wrote:
Perhaps a way to do it is reset the consensus for a relay if its IP address moves to a different Autonomous System.
Is rare that dynamic IP causes relays to hop ASs (e.g. possibly SBC/ATT), and list of exceptions could be created for the few cases where it causes trouble.
CYMRU has a dynamic service for looking up AS from IP.
What if an entire IP block (or entire AS) moves ASs?
What if the external dependency on CYMRU allows the entire Tor Network to be "reset" if CYMRU is hacked/broken/incorrect?
That will all not work, IPs are nothing which you can rely on and reset consens if it does change. My home IP jump between to ASs every day on reconnect. My ISP own both AS and with the IPv4 shortage that will get even more crazy the next few years. I'm cleary against reset consens, ban FP or what ever you guys think would be right. -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJVtQXaAAoJEHkrhgAY5jaZjqgQAIprJTp+23DCddKlym8z/RkN jhUK0zpWNpCYnfnlRujNtBcLoZBrKXCN5HhglOB70qsOONC6oGpKoQ1u51xiX1wL zDH39kiRgZnhmaJm3W8J4Q2ZiLU233VLgfHsnuBWiFwGErBwRDIqMI6NDF6vbdF3 D7iXY8Adp4/6bwJaf0UDMt6qjYTUtL53vvtnjMK2eKwuwfiuXJjl8yQaDFN6qdzD fSiohvUQdGN7oLDdqIOEmkBtX/ndK29aqvO+1mS8aXqkwDujNZHfDvoLYINJFEdG qM5v7FLZY7Ey2FB3jaJQICq0DjUcRQM2+i2XilKQH/nQNeX5t4VjEhv4Gj+WR86b S7v+m2vEwzLqqeZlyii31Cl9LBN8xOzUaw1JP2ErC9gxoB0BxyOz7Nv5Op49l1d6 yRxgYxyD/JIXJEC6GwvOCZOjITZBlMq4rhTX8kNLafwyiw2VucP5iPfEFZ09rXNt 9wr+68fhUU9OqUiolZJ44dIkRhBvymTaBFZNIcXqlrEh63vrIX5RSmNldxH84cau 6IpAuBREA7teqrWxoxYw/s2M6+BHqQiJVK5I4rlJyTk8KLyraDQ2W+QjGF2ZCKn9 HRiLTelLuREtH2nR4JDIrOAL+OacF6cqnh0ozRe/1h3q6zgEhp263GZxVpvroL9V 6yVR/Y6yi9mAQ/BHTgAG =ZZCo -----END PGP SIGNATURE-----
participants (3)
-
starlight.2015q2@binnacle.cx -
teor -
Tor-Admin