[tor-relays] Move or Recreate

Roger Dingledine arma at torproject.org
Sun Aug 15 18:22:43 UTC 2021


On Sat, Aug 14, 2021 at 09:04:31PM -0700, Eddie wrote:
> I'm thinking of switching a couple of the VPS servers I have, where I'm
> running both relays and bridges.  (On separate VPSs, obviously).
> 
> I know how to maintain the keys for both relays and bridges for the
> replacements, but was wondering exactly what does that buy me, as both will
> now be running at different IPv4/6 addresses.
> 
> As opposed to just blowing away the current ones and starting fresh copies.

One of the advantages to blowing away the current keys and starting
fresh is that you reduce the surface area of who might have seen the
original keys over time. That is, if you keep copying your keys around
and moving, then each time you move you grow the set of people who might
somehow have gotten a view of the long-term identity keys.

One of the advantages of keeping the same keys is that you maintain
the same state for that key at the directory authorities -- i.e. you
maintain progress toward the Guard flag, you maintain your "time known"
progress, etc.

So I would say that there is no real harm in starting fresh, and if
that's your inclination, go for it.

For bridges in particular, starting fresh makes a lot of sense since
little of the "state" at the bridge authority really matters. (In the
original bridge design, there was an idea that if you have n bridges
configured and 1 of them is still reachable but n-1 of them moved to
a new IP address, you could use that remaining 1 to look up the new
locations of the others, and in that original design, keeping the same
key would definitely help -- but we never finished building that design,
and with newer approaches like Snowflake, we might never do so.)

If you're moving a relay from one location to another location that
you know is similar in terms of bandwidth and connectivity, that's the
situation where migrating the key makes the most sense: it will save
your relay some of the time before it sees traffic again.

Hope this helps!
--Roger


