[tor-relays] Towards a Tor Node Best Best Practices Document

[Mike Perry]

Thus spake Mike Perry (mikeperry at torproject.org):

> You're failing to see the distinction made between adversaries, which
> was the entire point of the motivating section of the document. Rekeying
> *will* thwart some adversaries.
> 
> > I suspect getting the keys through either mechanism might be
> > trivial compared to getting the infrastructure in place to use
> > the keys for a non-theoretical attack that is cost-effective.
> 
> The infrastructure is already there for other reasons. See for example,
> the CALEA broadband intercept enhancements of 2007 in the USA. Those can
> absolutely be used to target specific Tor users and completely
> transparently deanonymize their Tor traffic today, with one-time key
> theft (via NSL subpoena) of Guard node keys. 

Btw, before the above causes someone to jot "Enemy Combatant" down in a
file somewhere, I just want to clarify that I believe "lawful intercept"
is a total sham, dangerously weakening critical infrastructure for
little gain. Once deployed (too late!), it can and will be exploited by
a wide variety of actors (too late!).

Also, replace "NSL subpoena" with "any variety of intimidating thugs
with guns (and/or money)". They're pretty much the same level of "due
process" IMO.

Further, I think we can expect many/most relay operators to run straight
to the EFF/ACLU/FBI in the event of coercion (destination depends on
adversary).  However, I do *not* believe we can expect the same from
arbitrary datacenter admins. Hence, I feel that one-time key theft is a
valid and realistic adversary, given current weaknesses in the Tor
protocol and client software.



-- 
Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20120416/85cb1706/attachment.pgp>