I'm thinking of switching a couple of the VPS servers I have, where I'm running both relays and bridges. (On separate VPSs, obviously).
I know how to maintain the keys for both relays and bridges for the replacements, but was wondering exactly what does that buy me, as both will now be running at different IPv4/6 addresses.
As opposed to just blowing away the current ones and starting fresh copies.
Cheers.
On Sat, Aug 14, 2021 at 09:04:31PM -0700, Eddie wrote:
I'm thinking of switching a couple of the VPS servers I have, where I'm running both relays and bridges. (On separate VPSs, obviously).
I know how to maintain the keys for both relays and bridges for the replacements, but was wondering exactly what does that buy me, as both will now be running at different IPv4/6 addresses.
As opposed to just blowing away the current ones and starting fresh copies.
One of the advantages to blowing away the current keys and starting fresh is that you reduce the surface area of who might have seen the original keys over time. That is, if you keep copying your keys around and moving, then each time you move you grow the set of people who might somehow have gotten a view of the longterm identity keys.
One of the advantages of keeping the same keys is that you maintain the same state for that key at the directory authorities -- i.e. you maintain progress toward the Guard flag, you maintain your "time known" progress, etc.
So I would say that there is no real harm in starting fresh, and if that's your inclination, go for it.
For bridges in particular, starting fresh makes a lot of sense since little of the "state" at the bridge authority really matters. (In the original bridge design, there was an idea that if you have n bridges configured and 1 of them is still reachable but n-1 of them moved to a new IP address, you could use that remaining 1 to look up the new locations of the others, and in that original design, keeping the same key would definitely help -- but we never finished building that design, and with newer approaches like Snowflake, we might never do so.)
If you're moving a relay from one location to another location that you know is similar in terms of bandwidth and connectivity, that's the situation where migrating the key makes the most sense: it will save your relay some of the time before it sees traffic again.
Hope this helps! --Roger
On 8/15/21 6:04 AM, Eddie wrote:
I know how to maintain the keys for both relays and bridges for the replacements, but was wondering exactly what does that buy me, as both will now be running at different IPv4/6 addresses.
As opposed to just blowing away the current ones and starting fresh copies.
Using offline master keys blows away that question ;-)
-- Toralf
tor-relays@lists.torproject.org