[tor-relays] Multiple fingerprints for same IP:Port combo

Tim Wilson-Brown - teor teor2345 at gmail.com
Wed Jun 22 12:32:45 UTC 2016


> On 22 Jun 2016, at 21:43, simon <komsat at kalidasa.klamath.ch> wrote:
> 
> Hi,
> 
> Is it possible to have multiple Tor-nodes (with different keypair and
> fingerprint) at the same IP-Port combination? Or does that not work with
> the Directory implementation?

In general, no, because it violates the relay authenticity guarantee that the process you're talking to owns the private keys corresponding to the fingerprint in the consensus.

Tor will warn pretty loudly if it gets a key with a different fingerprint from the one in the consensus.

> The idea would be to have nodes under an anycast IP, because the anycast
> network has a lot of unused capacity.

It would be great to think about how anycast could work with Tor, but I suspect we've baked in a lot of assumptions about IP addresses into the Tor code, and even the Tor security design.

> Another possibility is to replicate the same node and re-use the same
> keypair in multiple physical locations for the same anycast IP, but I'm
> not sure this is a good idea.

It would make the keys more vulnerable, and it also interferes with Tor's canonical connection code.
(And likely other code that assumes 1 key = 1 IPv4.)

Tim

> 
> Simon
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B
ricochet:ekmygaiu4rzgsk6n
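To make the "relay authenticity guarantee" point concrete, here is a small model of the client-side fingerprint check that both of Simon's ideas run into. It is an added illustration, not Tor's code: the identity keys are random byte strings standing in for DER-encoded RSA public keys, the anycast frontend is a constructed round-robin over three sites, and the only piece taken from Tor is the shape of the fingerprint (SHA-1 of the identity public key, rendered as upper-case hex). The two builders reproduce the two proposals from the thread: a different keypair per site behind one IP:port, and one keypair copied to every site.

```python
"""Model of why several keypairs behind one anycast IP:port fail the
consensus fingerprint check (added example, not Tor's implementation)."""
import hashlib
import secrets
from dataclasses import dataclass
from itertools import cycle

SITES = ("zrh", "fra", "ams")  # constructed anycast locations


def fingerprint(identity_pubkey: bytes) -> str:
    """Tor-style relay fingerprint: SHA-1 over the identity public key, hex.
    The real input is the DER-encoded RSA key; here it is a stand-in blob."""
    return hashlib.sha1(identity_pubkey).hexdigest().upper()


@dataclass(frozen=True)
class Backend:
    site: str
    identity_pubkey: bytes  # stand-in for the relay's RSA identity key


class AnycastRelay:
    """Several physical processes answering one IP:port. Which one a client
    reaches depends on routing; modelled here as round-robin (constructed)."""

    def __init__(self, backends):
        self._route = cycle(backends)

    def connect(self) -> Backend:
        return next(self._route)


def client_connect(consensus_fingerprint: str, relay: AnycastRelay):
    """Client side of the check Tim describes: the consensus entry for this
    IP:port names one fingerprint, and the process we actually reach must
    present an identity key hashing to exactly that value. Returns
    (site reached, check passed)."""
    backend = relay.connect()
    presented = fingerprint(backend.identity_pubkey)
    return backend.site, presented == consensus_fingerprint


def trial(relay: AnycastRelay, consensus_fingerprint: str, n: int):
    """n client connections against one anycast IP:port."""
    return [client_connect(consensus_fingerprint, relay) for _ in range(n)]


def fraction_ok(results) -> float:
    """Share of connections that passed the fingerprint check."""
    return sum(1 for _, ok in results if ok) / len(results)


def build_distinct_keys():
    """Simon's first idea: a separate keypair (and fingerprint) per site.
    Only one of them can be the fingerprint listed in the consensus."""
    return [Backend(site, secrets.token_bytes(140)) for site in SITES]


def build_shared_key():
    """Simon's second idea: the same keypair copied to every site, so every
    backend presents the consensus fingerprint (at the cost of spreading the
    private key across locations, which is Tim's objection)."""
    shared = secrets.token_bytes(140)
    return [Backend(site, shared) for site in SITES]


if __name__ == "__main__":
    distinct = build_distinct_keys()
    consensus_fp = fingerprint(distinct[0].identity_pubkey)  # what the dirauths list
    for site, ok in trial(AnycastRelay(distinct), consensus_fp, 6):
        print(f"distinct keys: reached {site}: {'ok' if ok else 'FINGERPRINT MISMATCH'}")

    shared = build_shared_key()
    consensus_fp = fingerprint(shared[0].identity_pubkey)
    for site, ok in trial(AnycastRelay(shared), consensus_fp, 6):
        print(f"shared key:    reached {site}: {'ok' if ok else 'FINGERPRINT MISMATCH'}")
```

With distinct keys, only connections that happen to land on the site whose key the consensus lists pass; every other site looks to the client like a process that does not own the advertised key, which is exactly the condition the check exists to catch. With a shared key every backend passes, which is why that variant "works" at the protocol level and why its cost is entirely in key exposure and in the code paths that assume one key lives at one place.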


