FallbackDirectoryMirrors selection criteria "uptime"
hi, Fallback directory mirrors [1] seem to be selected (if the need should arise, according to release planning and whatnot) with criteria "uptime", among others. And it's only this criteria I'm thinking about here: Now, in the wiki we have advice on how to improve relay security, and among many, there is advice to wipe the master key / identity every 1-2 years [2]. Fallback directory mirrors are *selected* based on uptime, and *expected* to stay up, of course, for about at least 2 years. This somehow encourages to keep your identity forever. That's a contradiction and it might end up in *not* selecting relays, whos operators care a lot about security. thanks martin [1] https://trac.torproject.org/projects/tor/wiki/doc/FallbackDirectoryMirrors [2] https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity#Vector1:D...
Martin Kepplinger:
That's a contradiction and it might end up in *not* selecting relays, whos operators care a lot about security.
If you care a lot about security you can use OfflineMasterKeys and keep your identity for a very long time and have no uptime problem. I added: https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity#Vector1:O... -- https://mastodon.social/@nusenu https://twitter.com/nusenu_
Am 22.09.2017 16:07 schrieb nusenu:
Martin Kepplinger:
That's a contradiction and it might end up in *not* selecting relays, whos operators care a lot about security.
If you care a lot about security you can use OfflineMasterKeys and keep your identity for a very long time and have no uptime problem.
I added: https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity#Vector1:O...
thanks. that should do it. I was actually looking into the offline master key feature. I will start using it, and wipe my current master key in the process. That got me thinking :)
participants (2)
-
Martin Kepplinger -
nusenu