hi,
Fallback directory mirrors [1] seem to be selected (if the need should arise, according to release planning and whatnot) with the criterion "uptime", among others. And it's only this criterion I'm thinking about here:
Now, in the wiki we have advice on how to improve relay security, and among many, there is advice to wipe the master key / identity every 1-2 years [2].
Fallback directory mirrors are *selected* based on uptime, and *expected* to stay up, of course, for about at least 2 years. This somehow encourages keeping your identity forever.
That's a contradiction and it might end up in *not* selecting relays whose operators care a lot about security.
thanks
martin
[1] https://trac.torproject.org/projects/tor/wiki/doc/FallbackDirectoryMirrors
[2] https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity#Vector1:D...
Martin Kepplinger:
> That's a contradiction and it might end up in *not* selecting relays whose operators care a lot about security.
If you care a lot about security you can use OfflineMasterKeys and keep your identity for a very long time and have no uptime problem.
I added: https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity#Vector1:O...
On 22.09.2017 16:07, nusenu wrote:
> Martin Kepplinger:
>> That's a contradiction and it might end up in *not* selecting relays whose operators care a lot about security.
> If you care a lot about security you can use OfflineMasterKeys and keep your identity for a very long time and have no uptime problem.
> I added: https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity#Vector1:O...
thanks. that should do it.
I was actually looking into the offline master key feature. I will start using it, and wipe my current master key in the process. That got me thinking :)
tor-relays@lists.torproject.org