Am 22.03.2014 um 21:04 schrieb tor-relays-request@lists.torproject.org:

Send tor-relays mailing list submissions to
tor-relays@lists.torproject.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
or, via email, send a message with subject or body 'help' to
tor-relays-request@lists.torproject.org

You can reach the person managing the list at
tor-relays-owner@lists.torproject.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of tor-relays digest..."
Today's Topics:

  1. new fingerprint after update (Oliver Sch?nefeld)
  2. Re: new fingerprint after update (Alexander Dietrich)
  3. Re: new fingerprint after update (I)
  4. Re: Relay configuration for FreedomBox (James Valleroy)
  5. Re: new fingerprint after update (Roger Dingledine)
  6. Re: Relay configuration for FreedomBox (Lunar)
  7. Re: Relay configuration for FreedomBox (Lance Hathaway)

Von: Oliver Schönefeld <oliver.schoenefeld@me.com>
Betreff: [tor-relays] new fingerprint after update
Datum: 22 .März 2014 15:26:07 MEZ
An: tor-relays@lists.torproject.org
Antwort an: tor-relays@lists.torproject.org


Hi guys,

i updated from Tor 0.2.3.25 (relay 266C0CADC79F802C554019887324A57332A1DA70) to Tor 0.2.4.21 yesterday and the relay fingerprint changed to 07E333A3B979C27739096C5B2EE10D7C8E3D8FFD.

Is there any way to get the new version working with the old fingerprint?
I looked in the manual and tried adding a DirAuthority line in the torrc file, which looks as the following:
DirAuthority 123tor *:9030 FINGERPRINT

But then Tor doesn't start.

I also tried writing the old fingerprint in the fingerprint file, but it's changed to the new one everytime i start Tor.


So thanks for your help in advance and have a nice weekend everybody!

Oli



Von: Alexander Dietrich <alexander@dietrich.cx>
Betreff: Aw: [tor-relays] new fingerprint after update
Datum: 22 .März 2014 15:47:29 MEZ
An: tor-relays@lists.torproject.org
Antwort an: tor-relays@lists.torproject.org


Is it possible that either the "DataDirectory" setting changed due to the update or the directory content?


yes, because vidalia isn't part of the game anymore - yes i'm a little late with the update :(

Best regards,
Alexander
---
PGP Key: 0xC55A356B | https://dietrich.cx/pgp

On 2014-03-22 15:26, Oliver Schönefeld wrote:
Hi guys,
i updated from Tor 0.2.3.25 (relay
266C0CADC79F802C554019887324A57332A1DA70) to Tor 0.2.4.21 yesterday
and the relay fingerprint changed to
07E333A3B979C27739096C5B2EE10D7C8E3D8FFD.
Is there any way to get the new version working with the old
fingerprint?
I looked in the manual and tried adding a DirAuthority line in the
torrc file, which looks as the following:
DirAuthority 123tor *:9030 FINGERPRINT
But then Tor doesn't start.
I also tried writing the old fingerprint in the fingerprint file, but
it's changed to the new one everytime i start Tor.
So thanks for your help in advance and have a nice weekend everybody!
Oli
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays




Von: I <beatthebastards@inbox.com>
Betreff: Aw: [tor-relays] new fingerprint after update
Datum: 22 .März 2014 17:58:58 MEZ
An: tor-relays@lists.torproject.org
Antwort an: tor-relays@lists.torproject.org


...and the t-shirt counter at Atlas.torproject.org resets


there are worse things than that - but thanks for the reminder to claim it ;)


Von: James Valleroy <james.valleroy@gmail.com>
Betreff: Aw: [tor-relays] Relay configuration for FreedomBox
Datum: 22 .März 2014 19:56:12 MEZ
An: tor-relays@lists.torproject.org
Antwort an: tor-relays@lists.torproject.org


On Wed, Mar 19, 2014 at 9:25 AM, Lance Hathaway <qhltx@yahoo.com> wrote:
If you're going to be running these as bridges, it seems to make sense
to include obfsproxy support, probably with obfs3 and scramblesuit [0]
enabled right off the bat.

Thanks for the information. Is it likely that obfs3 and scramblesuit
will be usable in the long-term? Or will they need to be deprecated at
some point like obfs2?

Also, if obfs3 or scramblesuit were deprecated, but some FreedomBoxes
continued to run those transports, what would be the result? Would the
worst case be that the bridge is no longer usable by some, as in [0]?

The reason that I'm asking is that FreedomBox is currently working
within Debian "testing" but our target is Debian "stable". Once our
packaged configuration is frozen for the next stable release, it will
be more difficult for us to push changes other than security fixes.

[0] https://trac.torproject.org/projects/tor/ticket/10314




Von: Roger Dingledine <arma@mit.edu>
Betreff: Aw: [tor-relays] new fingerprint after update
Datum: 22 .März 2014 19:57:50 MEZ
An: tor-relays@lists.torproject.org
Antwort an: tor-relays@lists.torproject.org


On Sat, Mar 22, 2014 at 03:26:07PM +0100, Oliver Schönefeld wrote:
i updated from Tor 0.2.3.25 (relay 266C0CADC79F802C554019887324A57332A1DA70) to Tor 0.2.4.21 yesterday and the relay fingerprint changed to 07E333A3B979C27739096C5B2EE10D7C8E3D8FFD.

https://www.torproject.org/docs/faq#UpgradeOrMove

I looked in the manual and tried adding a DirAuthority line in the torrc file, which looks as the following:
DirAuthority 123tor *:9030 FINGERPRINT

But then Tor doesn't start.

Yeah, that's not at all what DirAuthority is for. Can you help us
understand what made you think this was a good idea to try, so we can
fix it in the man page? :)

I also tried writing the old fingerprint in the fingerprint file,
but it's changed to the new one everytime i start Tor.

Hopefully the above faq entry helps.

Thanks for running a relay!
--Roger



thank you so much, roger!
i copied the old /keys folder and it's working like a charm.

i basically ctrl+f'ed "fingerprint" in the stable manual and the DirAuthority property was the only one that made sense, since i don't run a bridge.
but i have to admit that i didn't read the NOTE section... shame on my head.

thank y'all!




Von: Lunar <lunar@torproject.org>
Betreff: Aw: [tor-relays] Relay configuration for FreedomBox
Datum: 22 .März 2014 20:23:49 MEZ
An: tor-relays@lists.torproject.org
Antwort an: tor-relays@lists.torproject.org


James Valleroy:
The reason that I'm asking is that FreedomBox is currently working
within Debian "testing" but our target is Debian "stable". Once our
packaged configuration is frozen for the next stable release, it will
be more difficult for us to push changes other than security fixes.

(Debian hat on:) I try to keep Debian backports as up-to-date as possible.
Are official backports out of your set of allowed packages as well?

--
Lunar                                             <lunar@torproject.org>



Von: Lance Hathaway <qhltx@yahoo.com>
Betreff: Aw: [tor-relays] Relay configuration for FreedomBox
Datum: 22 .März 2014 21:03:43 MEZ
An: tor-relays@lists.torproject.org
Antwort an: tor-relays@lists.torproject.org


Signierter PGP Teil
On 22/03/2014 11:56 AM, James Valleroy wrote:
> Thanks for the information. Is it likely that obfs3 and
> scramblesuit will be usable in the long-term? Or will they need to
> be deprecated at some point like obfs2?
>
> Also, if obfs3 or scramblesuit were deprecated, but some
> FreedomBoxes continued to run those transports, what would be the
> result? Would the worst case be that the bridge is no longer usable
> by some, as in [0]?
>
> The reason that I'm asking is that FreedomBox is currently working
> within Debian "testing" but our target is Debian "stable". Once
> our packaged configuration is frozen for the next stable release,
> it will be more difficult for us to push changes other than
> security fixes.
>
> [0] https://trac.torproject.org/projects/tor/ticket/10314

I can't speak to whether more pluggable transports will be deprecated
in future, but I'll go out on a limb here and say "probably." The
nature of things ensures that the capabilities of censors continue to
advance. And as they do, new approaches will be found and deployed to
bypass those advancing attempts to block the network.

When bridges were first deployed, the fact that they weren't all
openly listed in a public directory made them more difficult to block.
Now, most plain bridges are very easy to block. When obfs2 was first
deployed, it was a solid protocol (I have no doubt). These days, China
is actively hunting down and blocking obfs2. There is very little
point to deploying either a plain bridge or an obfs2 pluggable
transport these days, especially on a mass scale.

On the plus side, obfs3 is still pretty strong, and it's one of the
common pluggable transports right now. Scramblesuit is not live in the
official bundles yet (AFAIK), but it just released and has some pretty
robust-looking defenses against active probing and other attacks. If
you're working on something new to deploy, these should be included,
without a doubt. They may indeed be deprecated in future, and in the
worst case may become unusable or make the bridge more susceptible to
being blocked. But if you go with a plain bridge or obfs2, you're
already in your worst-case scenario. You have nothing to lose and
everything to gain by enabling the newest pluggable transports.

I would highly recommend adding the Tor package repository to the
FreedomBoxes. As explained in [0], this won't always give you the
latest version of tor, but it will provide security fixes. My hunch is
that it will almost always also be a little fresher than Debian
stable. And given that network censors and network developers are
always going to be in an escalating arms race, enabling new releases
of Tor (and obfsproxy) directly from the project is going to make the
FreedomBox much more useful in the long term.

-Lance

[0] https://www.torproject.org/docs/debian




_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays