[tor-relays] upcoming directory authority changes
Tim Kuijsten
info at netsend.nl
Thu Dec 8 16:59:14 UTC 2022
> (2) Rotate to fresh identity keys for moria1, the directory authority
> that I run. In early November 2022 there was a remote break-in to the
> computer running moria1. Based on the evidence and the type of attack,
> I believe it was a standard automated attack -- that is, I think they
> weren't targeting the directory authority and also they never realized it
> *was* a directory authority. But to be extra safe, we decided to rotate
> to a fresh set of keys. I was also in the middle of a planned move to
> better hardware, so overall it was good timing for a fresh new start.
Thanks for sharing. I'm curious about the suspected standard automated
attack, can you share any details about it? Was it against the directory
server code or against another service?
> * Directory authority keys already have a notion of an offline long-term
> identity with shorter-lifetime online keys that expire periodically,
> with the goal of limiting the future impact of a compromise. But it seems
> like this role separation never quite matches up well to the security
> issues that arise in practice, whereas it definitely adds complexity
> both to the design and to operation. This piece of the design could use
> some new ideas.
I'd like to learn more about these security issues in practice. I can
imagine physical security is a big part of it. Do you maybe have some
specific pointers for me to look for?
More information about the tor-relays
mailing list