[tor-bugs] #2665 [Tor Relay]: Create a dirauth rotation procedure
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Mar 7 00:47:32 UTC 2011
#2665: Create a dirauth rotation procedure
-----------------------+----------------------------------------------------
Reporter: mikeperry | Owner:
Type: task | Status: new
Priority: normal | Milestone:
Component: Tor Relay | Version:
Keywords: | Parent: #2664
Points: | Actualpoints:
-----------------------+----------------------------------------------------
We have the technical ability right now to rotate up to n-1 of the
directory authorities to new IP addresses, with new intermediate keys by
updating torrc files of the other dirauths. So long as at least one
directory authority remains listening on its old IP address and is aware
of the other directory authorities' new locations, it should still be
possible to both produce a consensus and distribute it to new clients.
We should clearly document this procedure so we can execute it quickly if
the Tor directory authorities fall victim to a DoS or widespread
compromise.
We should also consider altering client bundles to ship with a reduced
consensus or descriptor set of ultra high-uptime directory mirrors, so
that in the future we can rotate all n directory authorities without
issue.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2665>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list