Scott Bennett bennett at cs.niu.edu
Sat Jun 27 07:02:22 UTC 2009

     On Fri, 26 Jun 2009 11:04:59 -0400 Michael <cozzi at cozziconsulting.com>
>Roger Dingledine wrote:
>> On Fri, Jun 26, 2009 at 08:16:00AM -0400, Michael wrote:
>>>    What I *am* doing is deploying a couple of heavy iron closed relays 
>>> on OC3 or better bandwidth. The first is now deployed after a lot of up 
>>> and down testing, and I'll get to the second in due time.
>> Sounds great. Let us know if you have any questions or run into any
>> problems.
>    Roger,
>    Come to think of it I have a question about best practices. My first 
>Tor server is racked in the same datacenter as apparently two other Tor 
>servers, one is an exit. Should I name these as family in my config?

     Although Roger can certainly speak/write for himself, I'll jump into
this one, too.
>    I'm thinking yes. But since I don't own the other servers I'm 
>hesitant. But at face value it might make sense to disallow building 
>circuits through them.

     If you don't have administrative control over the other relays, then no,
your node is not part of whatever family/families they may/may not be a part
of.  Keep in mind that most clients will not build circuits that include more
than a single node with an IP address in any given /16.  Some hosting services
may have more than that much IP address space, but in those cases, I really
doubt that you'll find much reason to worry except for the fact that they could
all be shut down at once.
     This points up an other issue that is indeed a potential security risk.
Those who manage tor nodes at hosting companies need to have ways to protect
the security of their nodes' log files and, most especially, their nodes'
secret keys.  Nodes at commercial hosting facilities need to keep *all* of
that kind of information in well encrypted file systems with no access to
anyone but the system administrator of the hosted system.

