Hi,
Is it possible to have multiple Tor-nodes (with different keypair and fingerprint) at the same IP-Port combination? Or does that not work with the Directory implementation?
The idea would be to have nodes under an anycast IP, because the anycast network has a lot of unused capacity.
Another possibility is to replicate the same node and re-use the same keypair in multiple physical locations for the same anycast IP, but I'm not sure this is a good idea.
Simon
On 22 Jun 2016, at 21:43, simon komsat@kalidasa.klamath.ch wrote:
> Hi,
> Is it possible to have multiple Tor-nodes (with different keypair and fingerprint) at the same IP-Port combination? Or does that not work with the Directory implementation?
In general, no, because it violates the relay authenticity guarantee that the process you're talking to owns the private keys corresponding to the fingerprint in the consensus.
Tor will warn pretty loudly if it gets a key with a different fingerprint from the one in the consensus.
> The idea would be to have nodes under an anycast IP, because the anycast network has a lot of unused capacity.
It would be great to think about how anycast could work with Tor, but I suspect we've baked in a lot of assumptions about IP addresses into the Tor code, and even the Tor security design.
> Another possibility is to replicate the same node and re-use the same keypair in multiple physical locations for the same anycast IP, but I'm not sure this is a good idea.
It would make the keys more vulnerable, and it also interferes with Tor's canonical connection code. (And likely other code that assumes 1 key = 1 IPv4.)
Tim
> Simon
> _______________________________________________
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B ricochet:ekmygaiu4rzgsk6n
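
The identity check discussed in this thread, as an added example that is not part of the original messages and not Tor's own code: a simplified model in which a client expects the fingerprint listed in the consensus, and anycast routing decides which instance answers at the shared address. The byte strings standing in for DER-encoded identity keys, the address, the region names and all function names are constructed for illustration.

```python
import hashlib

def fingerprint(identity_key_der: bytes) -> str:
    """Relay RSA identity fingerprint: SHA-1 over the DER-encoded public key."""
    return hashlib.sha1(identity_key_der).hexdigest().upper()

# Constructed stand-ins for two relays' identity public keys (not real keys).
KEY_A = b"constructed-identity-key-A"
KEY_B = b"constructed-identity-key-B"

# Constructed consensus excerpt: two fingerprints listed at one anycast IP:port.
ANYCAST = ("192.0.2.10", 9001)
CONSENSUS = {fingerprint(KEY_A): ANYCAST, fingerprint(KEY_B): ANYCAST}

# Assumption: routing sends each client region to a different physical instance.
ROUTING = {"eu": KEY_A, "us": KEY_B}

def presented_key(addr, client_region: str) -> bytes:
    """The network, not the client, picks which instance answers at addr."""
    assert addr == ANYCAST
    return ROUTING[client_region]

def identity_matches(expected_fp: str, client_region: str) -> bool:
    """True if the key seen at the consensus address hashes to expected_fp."""
    addr = CONSENSUS[expected_fp]
    return fingerprint(presented_key(addr, client_region)) == expected_fp

def mismatches():
    """Every (relay, region) pair where the answering instance holds the wrong key."""
    labels = {fingerprint(KEY_A): "A", fingerprint(KEY_B): "B"}
    return sorted(
        (labels[fp], region)
        for fp in CONSENSUS
        for region in ROUTING
        if not identity_matches(fp, region)
    )

if __name__ == "__main__":
    for relay, region in mismatches():
        print(f"relay {relay} chosen from consensus, client in {region}: "
              "fingerprint mismatch")
```

Half of the relay/region combinations fail the check, which is the warning case described in the reply; sharing one keypair across instances would make the check pass but runs into the key-exposure and "1 key = 1 IPv4" concerns raised in the same reply.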