[tor-relays] Tor Relay Performance

irregulator at riseup.net irregulator at riseup.net
Tue Mar 25 16:42:19 UTC 2014


On 03/25/2014 04:29 AM, Sebastian Hahn wrote:
> 
> On 24 Mar 2014, at 20:21, tor-admin <tor-admin at torland.me> wrote:
> 
>> There a couple of sysctrl parameters that Moritz described here: 
>> https://www.torservers.net/wiki/setup/server#sysctlconf
> 
> That website has at least one glaringly dangerous suggestion, namely
> 
> apt-key adv --recv-keys --keyserver keys.gnupg.net 886DDD89
> 
> The issue is that he key which is to be fetched from a public, untrusted
> keyserver using an unauthenticated protocol is not being verified at
> all. This immediately compromises the entire box in case someone is
> messing with your upstream traffic.
> 
> It would seem advisable to review the remainder of the advice there, and
> also fix the above problem.
> 
> Cheers
> Sebastian

A couple of thoughts on this :

one could use hkps as transport, as suggested here [1]

Mind that hkps will provide encryption while fetching the key, thus
anyone observing your traffic will not be able to know which key you did
fetch. What is more if you want gpg to work with hkps you will probably
have to trust the certificate of the hkps keyserver.

_But_ you should not rely on hkps or the server to fetch the right key.
What's the point of web of trust and digital signatures and stuff in the
end, if you just rely on single (perhaps central) point?

The correct way, I think, is to know a priori the correct fingerprint of
the public key you want to fetch. That is, you somehow have to know that
Tor's debian repository signing key is the one with fingerprint A3C4
F0F9 79CA A22C DBA8  F512 EE8C BC9E 886D DD89. Or somehow build a trust
path to it, for example if you trust one of the persons who have signed
it. [2]

I hope more people will give some input on this conversation though,
cause it's an important detail. Also I might miss something.

Cheers,
Alex

[1]
https://we.riseup.net/debian/openpgp-best-practices#consider-making-your-default-keyserver-use-a-keyse

[2]
http://keys.mayfirst.org/pks/lookup?op=vindex&search=0x886DDD89&fingerprint=on


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20140325/6bc35b13/attachment.sig>


More information about the tor-relays mailing list