I was going to ask something similar, and this sounds like the best kind of answer - 'you don't need to do anything' :D
On 17 April 2014 17:05, Tobias Markus tobias@miglix.eu wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi,
(Disclaimer: I am just a "regular" supporter and have no great in-depth knowledge about Tor internals.)
there is a difference between a directory *authority* and a directory *mirror*. There are only 8 or so directory authorities in the Tor network which each give a "vote" on each relay. (E.g. Authority A thinks that Relay R should get the Running and Valid flag.)
The posts above are from Tor senior contributors, some running a directory authority. Roger (Tor "founder") originally said that he recommends dirauths to reject (give no flags to relays in their votes and therefore throwing them out of the Tor network) relays affected by the Heartbleed bug.
A directory mirror (a relay with the Directory Mirror option enabled) just mirrors the original votes by the dirauths. Because they are all cryptographically signed, any tampering you could do to the vote could be detected by clients. (Tor clients only trust votes signed by the dirauths' keys.)
Correct me if I'm wrong! :D
On 04/17/2014 04:55 PM, Saint Aardvark the Carpeted wrote:
Roger Dingledine disturbed my sleep to write:
On Wed, Apr 16, 2014 at 08:03:51PM -0700, Andrea Shepard wrote:
http://charon.persephoneslair.org/~andrea/private/hb-fingerprints-2014041700...
The SHA-256 hash of that file, for the sake of stating it under a PGP
signature, is:
dadd2beca51d1d5cd7ffe7d3fe3a57200c7de7e136cad23b0691df2fbe84ee3f
Thanks Andrea. 374 of the 380 lines from Sina's file overlap with yours.
I've moved moria1 to reject the union of the two lists.
As an ordinary Tor relay operator who's running a directory mirror, is there anything I need to do for my Tor relay about this? I've found this message from the mailing list from a couple years ago:
https://lists.torproject.org/pipermail/tor-talk/2011-October/021936.html
...which seems to imply that the directory operators are separate, and this is nothing I have to take action about. But I wanted to make sure about this, as I couldn't find anything on the Tor FAQ. Apologies if this is answered somewhere else.
Thanks, Hugh
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlNP+74ACgkQAO6N0EYmC9a3OgCgrwgZqo6BUGlD+DaYNPPHzWCc 9XkAnRHN5klCU3w4PEuEm7vg0KDJfgZv =TQAH -----END PGP SIGNATURE----- _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays