[tor-bugs] #5563 [Tor Relay]: Better support for ephemeral relay identity keys
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Apr 4 01:51:43 UTC 2012
#5563: Better support for ephemeral relay identity keys
-------------------------+--------------------------------------------------
Reporter: mikeperry | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor Relay | Version:
Keywords: | Parent: #5456
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by mikeperry):
arma: I don't think so. I think I'm actually most concerned about our TLS
keys, which I believe are rotated daily. But this rotation doesn't help if
you assume an active adversary operating upstream from you. Can't they
just take whatever keys you create and toss them away and re-sign new ones
they control, using the identity key?
nickm: I don't think relays have as much need for persistent identity as
the dirauths do. At worst, if your OS crashes, you spend a few days being
remeasured by the bandwidth auths... Also, personally I wouldn't want to
deal with the hassle of creating a revocation statement and issuing a new
"relay" key every time my box rebooted. I can barely keep up with rotating
the things manually right now every reboot, hence the ramdisk suggestion
to make it automatic.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5563#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list