On Wed, Sep 28, 2011 at 6:09 AM, Anthony G. Basile <bas...@opensource.dyc.edu> wrote:
> Hi everyone,
>
> Is there a way of revoking your tor relay's secret_id_key? For
> instance, suppose your server is compromised and you want to tell the
> world, don't trust this node anymore as a relay and/or exit, how would
> you do that? The question occurred to me as I was working with gpg.

The authorities can block nodes from appearing in the directory if you
convince them to do so. One way to do that with cryptography is:

 * Make sure that your Contact line includes a GPG key fingerprint for
   a key that you control.
 * If you need your node taken out of the directories, send out an
   announcement saying so, signed with that GPG key.

Though in practice, people have gotten their nodes de-listed by just
sending out an unsigned announcement to the effect and convincing
everybody that they were really them. There is probably an attack
opportunity there.

It might be worthwhile to add a feature where each Tor server generates
a signed "permanent shutdown notice" at the same time it generates its
key, and to suggest to node operators that they keep a copy of that
notice someplace secure so that they can circulate it as needed if they
need to prove that they are saying this node has been compromised. It'd
probably need a design proposal. I'm not sure how much of a win it is
over the GPG solution above: it saves some steps, but still requires you
to make preparations in advance.

yrs,
--
Nick
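
Added example (not part of the message above and not Tor's code): one way a recipient could check the GPG route described in the reply, given the relay's Contact line and the status lines that `gpg --status-fd 1 --verify` prints for the announcement. The function names and both sample strings are constructed for illustration, and the Contact line is assumed to come from a descriptor published before the compromise.

```python
import re

# Constructed sample data (illustrative only, not from the original message).
SAMPLE_CONTACT = ("Example Operator <op AT example DOT org> "
                  "GPG: 0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567")
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Operator
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2011-09-28 1317200000 0 4 0 1 8 01 0123456789ABCDEF0123456789ABCDEF01234567
"""

# A full 40-hex-digit fingerprint, written with or without spaces between
# 4-digit groups. Short key IDs are deliberately not accepted: they collide.
FPR_RE = re.compile(r"\b(?:[0-9A-Fa-f]{4}\s*){9}[0-9A-Fa-f]{4}\b")

# Status keywords that mean the signature or its key must not be relied on.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def contact_fingerprints(contact):
    """Return the set of full fingerprints advertised in a Contact line."""
    return {re.sub(r"\s", "", m).upper() for m in FPR_RE.findall(contact)}


def status_fields(status_output):
    """Yield the fields after '[GNUPG:]' for each gpg status line."""
    for line in status_output.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "[GNUPG:]":
            yield fields[1:]


def delist_request_authenticated(contact, status_output):
    """True only if a valid signature comes from a key named in the Contact line."""
    trusted = contact_fingerprints(contact)
    primaries = set()
    for fields in status_fields(status_output):
        if fields[0] in REJECT:
            return False
        if fields[0] == "VALIDSIG" and len(fields) >= 2:
            # The 11th field, when present, is the primary key's fingerprint;
            # otherwise fall back to the signing key's own fingerprint.
            primaries.add((fields[10] if len(fields) >= 11 else fields[1]).upper())
    return bool(primaries & trusted)


if __name__ == "__main__":
    print(delist_request_authenticated(SAMPLE_CONTACT, SAMPLE_STATUS))
```

An announcement with no signature produces no VALIDSIG line and is rejected, which is the unsigned case the reply flags as an attack opportunity.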