[tor-relays] T-shirts and Confirming Relay Control
AVee
d6relay at d6.nl
Tue May 5 09:58:36 UTC 2015
On 2015-05-03 19:44, Matthew Finkel wrote:
> Hi Ops,
[...]
> For this case, we need an authentication mechanism which
> proves control of the relay but is something relay operators won't mind
> running.
>
> My currently plan is to ask relay operators to sign the fingerprint
> file
> which tor creates. The major disadvantage of this method is that it
> must
> be run as root (or a user with access to tor's data directory).
If you are willing to lower the bar for 'proof' a bit I'd ask them to
fetch a confirmation url send to them from the connection their node
runs on. Spoofing an IP address for a TCP connection isn't trivial and
seems rather a lot of effort for just a t-shirt. So it at least proofs
access to the connection the node is running on. That could be a simple
unprivileged wget one-liner.
It leaves room for some abuse, but does raise the bar quite a bit.
If you do want to use the tor key couldn't you use it as a key for ssl
client authentication? That would allow for further automation and you
could be build into tor in the future.
AVee
More information about the tor-relays
mailing list