[tor-relays] Decommissioning a FallbackDir node (punki)

boldsuck lists at for-privacy.net
Sun Oct 6 17:35:23 UTC 2024


On Saturday, 5 October 2024 00:40 George Hartley via tor-relays wrote:

> You should default to full disk / partition encryption.

Apart from that FDE is _not_ recommended, especially for Tor exits.
What is the point of a 24/7/365 running cloud or KVM server that the admins 
can copy at any time?
If you want to secure Cloud or KVM Tor server, you can use offline ed25519 
identity keys.

> On Friday, October 4th, 2024 at 11:51 PM, Osservatorio Nessuno via tor-
relays <tor-relays at lists.torproject.org> wrote:

> > While we could, I would think it is not a great security practice
> > migrate keys that were on an old, non updated provider cluster when
> > building a new node elsewhere. That would double the risk of someone
> > else having the secret keys (old provider, new provider instead of just
> > the new provider).

You are absolutely right.
I didn't even think about it because I almost only have dedicated servers.
You will soon have it even better with the Rack @home. :-)
When you have everything ready, I would be happy to see server/rack pictures 
and which CPUs you are using.

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 3872 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20241006/5851fb8a/attachment.sig>


More information about the tor-relays mailing list