[tor-relays] Decommissioning a FallbackDir node (punki)

George Hartley hartley_george at proton.me
Wed Oct 9 09:00:25 UTC 2024


I bought my own physical server, and colocated it in a room in a datacenter I have 24/7 access to.

Also, I was not talking about KVM at any time?

Maybe read my e-mail before replying, please.

FDE on exits ON KVMs is discouraged because if the host has to reboot, your VM will be stuck at boot.

However, most big organizations running Tor nodes have either their own colocated servers like me (except I am not a big contributor) or dedicated servers giving you more options.

I even have an intrusion (case-opening) sensor on my server which wipes RAM and kills power once activated.

-GH

On Sunday, October 6th, 2024 at 7:35 PM, boldsuck via tor-relays <tor-relays at lists.torproject.org> wrote:

> On Saturday, 5 October 2024 00:40 George Hartley via tor-relays wrote:
>
> > You should default to full disk / partition encryption.
>
> Apart from that FDE is not recommended, especially for Tor exits.
> What is the point of a 24/7/365 running cloud or KVM server that the admins
> can copy at any time?
> If you want to secure Cloud or KVM Tor server, you can use offline ed25519
> identity keys.
>
> > On Friday, October 4th, 2024 at 11:51 PM, Osservatorio Nessuno via tor-relays tor-relays at lists.torproject.org wrote:
> >
> > > While we could, I would think it is not a great security practice
> > > to migrate keys that were on an old, non updated provider cluster when
> > > building a new node elsewhere. That would double the risk of someone
> > > else having the secret keys (old provider, new provider instead of just
> > > the new provider).
>
> You are absolutely right.
> I didn't even think about it because I almost only have dedicated servers.
> You will soon have it even better with the Rack @home. :-)
> When you have everything ready, I would be happy to see server/rack pictures
> and which CPUs you are using.
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you freedom!