Date: Sat, 11 Jun 2016 20:06:41 +1000
From: Zenaan Harkness <zen@freedbms.net>
To: tor-talk@lists.torproject.org
Message-ID: <20160611100641.GA1224@x220-a02>
References: <eeee88f9d04a633331fdc22cffd35756@openmailbox.org>
 <20160527121339.GA13804@khazad-dum> <575BD1F6.7020202@nirgal.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <575BD1F6.7020202@nirgal.com>
Subject: Re: [tor-talk] Please suggest domain registrars that are Tor (and
 bitcoin) friendly.

On Sat, Jun 11, 2016 at 08:55:18AM +0000, contact_tor@nirgal.com wrote:
> ng0 wrote:
> > I am not 100% sure about the tor part, but OrangeWebsite[0] supports
> > 2 kinds of coins.
> > You could get in touch with support to ask about the tor part of the question.
> 
> I strongly advise against using orangewebsite: They rent "freshly
> installed servers" with /root/.ssh/authorized_keys that is pre-seeded!
> (backdoor)
> Maybe their DNS service is ok however...
> 
> (It's a real pity because they use 100% renewable energy, and that was
> great.)

The following may seem cynical, resigned and fatalistic, BUT:

I am Mr ISP.

I run a few boxen and my hosting service, with some hardware level
virtualization, to provide VPSs to inspired individuals.

So my web front end takes a credit card, or some bitcoin, and configures
and spins up a brand spanking new VPS.

The customer must have an initial log in to that VPS.

Either:
a - I do an initial Debian install, and display the SSH key on the screen
for cut and paste.
b - I offer to receive an initial public key and insert that into the VPS.
c - I somehow provide end customer access to a "lower level" VPS
installer/console.

Is there any other option?

Assuming option c, where I really go out of my way to maximise customer
trust in my administrative honour.

Now, if I don't actually have administrative honour, the files for the VPS
(e.g. when it's rebooted) or even the current live files (let's assume a
really radical memory-only "live Qubes VPS which dies on any software or
hardware reboot") exist at the very least in memory.

This is a unix system. The VPS files are, or can be mounted somewhere by
root.

Or, I can just write a little memory scanner and look for the appropriate
location for the private keys in memory.


Here's the point: in a VPS situation, you are, absolutely, at the mercy of
the provider of the VPSes, and possibly of the providers of the data
center.


Unless I'm really really missing something obvious about computer
security, your concern is a misunderstanding.

As in, SSH in the first time, and issue/generate yourself a new key pair
- it's not hard, but won't provide much if any benefit to you. Your
administrator --always-- has root. And that's root at the hardware level,
well below your 'root' access.

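The thread turns on a pre-seeded /root/.ssh/authorized_keys found on a freshly provisioned server. The following is an added example, not part of the original messages: a first-login audit that parses authorized_keys content, computes OpenSSH-style SHA256 fingerprints, and reports every entry that is not one of the keys the customer expects. The function names and the sample keys are constructed for illustration, and a check like this sees only what is inside the guest, not host-level access.

```python
import base64
import hashlib
import struct

def fingerprint(blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_line(line):
    """Return (options, keytype, fingerprint) for one key line, or None."""
    fields = line.split()
    for i in range(len(fields) - 1):
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
            (n,) = struct.unpack(">I", blob[:4])
        except (ValueError, struct.error):
            continue  # not a key blob; may be part of a leading options field
        if blob[4:4 + n] == fields[i].encode():  # blob embeds its own type name
            return " ".join(fields[:i]), fields[i], fingerprint(blob)
    return None

def audit(text, expected):
    """List (lineno, reason, detail) for every line that is not an expected key."""
    findings = []
    for lineno, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line.startswith("#"):
            continue
        entry = parse_line(line)
        if entry is None:
            findings.append((lineno, "unparseable", line))
        elif entry[2] not in expected:
            findings.append((lineno, "unexpected", entry[2]))
    return findings

def make_key(seed):
    """Constructed sample: well-formed ssh-ed25519 wire format, not a real key."""
    body = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32)
    return base64.b64encode(body + hashlib.sha256(seed).digest()).decode()

MINE, SEEDED = make_key(b"customer"), make_key(b"provider")
SAMPLE = f"""# constructed stand-in for /root/.ssh/authorized_keys
ssh-ed25519 {MINE} me@laptop
command="/bin/sh -c true",no-pty ssh-ed25519 {SEEDED} provisioning
this line is not a key
"""
EXPECTED = {fingerprint(base64.b64decode(MINE))}
if __name__ == "__main__":
    print(*audit(SAMPLE, EXPECTED), sep="\n")
```

The fingerprints it reports have the same form as those printed by `ssh-keygen -lf`, so a finding can be compared directly against a key the customer holds.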
