[tor-bugs] #24872 [Community/Relays]: remove outdated tor relay security recommendations and update these wiki pages

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Aug 5 14:05:59 UTC 2018 

#24872: remove outdated tor relay security recommendations and update these wiki
pages
------------------------------+--------------------------
 Reporter:  cypherpunks       |          Owner:  Jaruga
     Type:  defect            |         Status:  accepted
 Priority:  Medium            |      Milestone:
Component:  Community/Relays  |        Version:
 Severity:  Normal            |     Resolution:
 Keywords:                    |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+--------------------------

Comment (by nusenu):

 I'd propose:

 * lets limit the scope to tor in relay mode only (tor clients or tor onion
 services are not covered) - this is somewhat obvious since the page lifes
 under /TorRelayGuide
 * title "Tor Relay Security Best Practices"

 * have a (small) generic/high level section that applies to all platforms
 (because we can not cover every possible OS)
   * this section will not include step-by-step instructions since it is OS
 independent
   * the physical security section
   * OS (hardware vs. virtual, OS level access authentication, pointer to
 auto-updates)
 * have a (bigger) section for tor
   * primarily focuses on the tor daemon itself and its security relevant
 settings and recommendations

 * convey the order in which different options are preferred (example: bare
 metal installations are considered better than VPS installation)
 * consider the current installation steps as a baseline and tell people
 what they could do on top of that if they want to do better than that
 * include no-go's
 * avoid conflicting statements regarding disk encryption


 * maybe have something like levels
  * basic (default install as described per the guide + auto updates)
  * intermediate
  * high (runs on hardware, 2FA, offline master keys with signing key
 lifetime < 30day)


 * lets remove the following sections:
  * "Tor-only firewalling with iptables" (because we cover it generically
 for all platforms in the generic section)
  * Coldboot attacks (due to new offline master key section that mitigates
 this attack vector)

 * Replace section "Restricting SSH access"  with a recommendation to use
 strong authentication (part of the generic section)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24872#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list