[metrics-bugs] #34020 [Internal Services/Tor Sysadmin Team]: Please remove the DNS entry for op-ab.onionperf.torproject.net

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Apr 27 13:58:09 UTC 2020 

#34020: Please remove the DNS entry for op-ab.onionperf.torproject.net
-------------------------------------------------+-------------------------
 Reporter:  irl                                  |          Owner:  anarcat
     Type:  task                                 |         Status:  closed
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:  fixed
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by anarcat):

 * status:  accepted => closed
 * resolution:   => fixed


Comment:

 Replying to [ticket:34020 irl]:
 > #34018 removes this from CollecTor configuration, and the host is
 currently being shut down as I write this ticket.

 Done:

 {{{
 master d9d216c5005385a1ebf84184134b5ff123abe48e
 Author:     Antoine Beaupré <anarcat at debian.org>
 AuthorDate: Mon Apr 27 09:56:53 2020 -0400
 Commit:     Antoine Beaupré <anarcat at debian.org>
 CommitDate: Mon Apr 27 09:56:53 2020 -0400

 Parent:     d437ae4 add DNS entries for new OnionPerf hosts (#34016)
 Merged:     master
 Contained:  master

 remove the DNS entry for op-ab.onionperf.torproject.net (#34020)

 1 file changed, 1 deletion(-)
 torproject.net | 1 -

 modified   torproject.net
 @@ -16,7 +16,6 @@ $INCLUDE
 "/srv/letsencrypt.torproject.org/var/hook/snippet"
                 CAA     128 issue "letsencrypt.org"
                 CAA     128 issuewild ";"

 -op-ab.onionperf                IN      A       137.50.19.2
  op-hk.onionperf                IN      A       37.218.240.75
  op-nl.onionperf                IN      A       37.218.247.40
  op-us.onionperf                IN      A       37.218.241.144
 }}}

 > I don't know if there's any question as to what to do about TLS certs
 issued to domain names. In an ideal world we'd track these and not reuse
 names until we're sure the certs would be expired. There is a Lets Encrypt
 cert issued to this name that will also be in backups, destroying it would
 be difficult, but I can revoke the certs:
 >
 > https://letsencrypt.org/docs/revoking/
 >
 > I've done this for the two non-expired certs.

 Considering those expire every 3 months, I'm not sure I would bother with
 this so much... What's the threat model?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/34020#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the metrics-bugs mailing list