[tor-relays] T-shirts and Confirming Relay Control

AVee d6relay at d6.nl
Tue May 5 09:58:36 UTC 2015

On 2015-05-03 19:44, Matthew Finkel wrote:
> Hi Ops,
> For this case, we need an authentication mechanism which
> proves control of the relay but is something relay operators won't mind
> running.
> My currently plan is to ask relay operators to sign the fingerprint 
> file
> which tor creates. The major disadvantage of this method is that it 
> must
> be run as root (or a user with access to tor's data directory).

If you are willing to lower the bar for 'proof' a bit I'd ask them to 
fetch a confirmation url send to them from the connection their node 
runs on. Spoofing an IP address for a TCP connection isn't trivial and 
seems rather a lot of effort for just a t-shirt. So it at least proofs 
access to the connection the node is running on. That could be a simple 
unprivileged wget one-liner.

It leaves room for some abuse, but does raise the bar quite a bit.

If you do want to use the tor key couldn't you use it as a key for ssl 
client authentication? That would allow for further automation and you 
could be build into tor in the future.


More information about the tor-relays mailing list