wiki:org/meetings/2015SummerDevMeeting/DirectoryAuthorityOperators

Directory authority operators meeting

  • Diversity, geographical and political
    • ioerror: increase diversity, too many US/Europe; start new ones in or move existing ones to Asia or South Africa? different adversaries, otherwise extremely vulnerable; fallback authorities
    • Sebastian: agree on fallback authorities, disagree about rest with current designs; should have everyone decide which location is best, free to move if people want; in the past, DA in Asia failed horribly
    • micah: reasons for failure of DA in Asia are vague, blackholed, null-routed, ISP was unable to cope with the traffic, no location in HK, can try again
    • tom: alternative: run in US, load-balance/cache in different location
    • aagbsn: question about similar DDoS
    • weasel: most DDoS explained by Tor being stupid
    • tom: use geoip file to locate close directory authority
    • andreas: get last available IPv4 space network
    • ioerror: ask for help with proposal for guessing which country you're in without touching network
    • ln5: changes for anycast setup
  • minimum key sizes
    • ioerror: raise from 1k, reject everything below 4k
    • weasel: low bar 3k
    • tom: low bar 4k, high bar 16k (joke!)
    • ln5: raising key above 3k is going to take forever because clients
  • bandwidth measurements
    • aagbsn: status on bwauth code, work on graphs, time between measurements, get faster relays measured more often and more quickly
    • ln5: reimplementing current design or new design?
    • aagbsn: single-hop scanner
    • tom: more bandwidth authorities for faster scanning?
    • ioerror: what's ETA for running code that measures bw measurements file?
    • aagbsn: prototype scanner that does measurements, still buggy, produces set of measurement observations; ETA: a few months, maybe mid-December
    • arma: modularity, what can we do to help?
    • micah: make obvious to operators when errors happen, log what the problem is, expose error condition, log file is noisy
    • Sebastian: run code right now, debug it, give feedback to aagbsn
    • ioerror: TPO offers resources to coordinate this, help get proposals written without aagbsn writing them
  • notifications
    • everyone: thanks, atagar
  • number of responsible contacts per directory authority
    • weasel: nobody gets my keys!
    • everybody: problem solved, 1 per authority
  • guidelines for updates and maintenance
    • tom: hurts the network if nodes are down
    • Sebastian: up to operator to provide good service; remove authorities with repeated problems as happened before
    • ioerror: problem with urras, would like to solve problems with hidden signing, bring up different DA once that's possible; clarification: keep urras until that's possible; separate signing and bootstrapping
    • andreas: dannenberg was broken for six weeks; suggestion to ioerror: bring back up in Austria
  • bad relays flags
    • dgoulet: rejecting all of Google because of Lizards (yes), process for going back?
    • dgoulet: rejecting hidden service directories that are crawling onion space?
    • ioerror: understand who's doing this; change level of who's going to protect us
    • Sebastian: stop treating attacking relays as still good enough for middle relays; block outright; applies for misbehaving HSDirs; don't allow bad exits to be guards
    • arma: only DA operator to pay attention to bad-relays@; over past weeks not responded, nothing happened.
    • ioerror: differentiate between accidental (upstream ISP) and not accidental.
    • aagbsn: only HSDir if provide certain amount of bandwidth?
    • tom: would make it easier to be a bad person
    • arma: 8 or 9 DAs, once recognize bad relay, should only require 3 of them to act
    • Sebastian: no majority threshold anymore, that would go away, make more fragile; rather get more people to do bad exiting; owning Sebastian is like owning 50% of the network (or arma or weasel)
    • andreas: wouldn't want to run horrible code (bwauth), no idea what to do for voting on bad exit
    • ioerror: way to quantify security; when place new dirauth, evaluate whether that would increase security wrt. bad exiting, diversity, etc.
    • weasel: plans to move moria to more secure machine? (no.)
    • ln5: vote on bad exit before end of year, run phw's exit scanner to confirm
    • ioerror: move all these discussions to dir-auth@ list?
    • ln5: closed list
    • arma: ln5 can't reproduce DonnchaC's results
  • which version willing to run (shared randomness)
    • dgoulet: merge shared randomness code around January; need majority; run rc, alpha
    • weasel: if there's a package, run it. prefer releases
    • ioerror: git tip works
    • ln5: prefer releases
    • Sebastian: fun stuff happens when introducing new consensus methods; ask around before
  • DDoS protection
    • micah: DAs particularly vulnerable, Trac ticket that andrea is working on, what's going on there?
    • arma: hard problems; one option fallback directories, another modularize directory authorities
    • tom: easy win by splitting directory authorities
    • ioerror: dirauth only runs tor and ways to log in, solve tor's problems with tor
  • IPv6
    • ioerror: should get IPv6 addresses for all dirauths (5 have that); should have monitoring for that
    • Sebastian: DocTor could open SSL connection to IPv6
  • design changes to add more directory authorities
    • arma: ack that they are needed to grow; hidden directory authorities
  • new keys
    • andreas: want to change key, no idea if existing one is compromised
    • arma: throw away identity, create new one
  • splitting bridge directory authority
Last modified on Sep 29, 2015, 7:44:34 PM