wiki:org/meetings/2015WinterDevMeeting/Notes/DirAuthDiscussion

DirAuth Stuff

  • #13167 is a ticket for exporting all the descriptors (not just the most recent ones) from the DirAuths.
    • There's no way to find the descriptors without the identifiers, and Sebastian and Linus export the full list of descriptors for Karsten to get
  • Spec a thing that does all the extra DirAuth stuff (bwauth, guardfraction) and require people to patch that thing if DirAuths need to do a new thing
  • Adding and Removing a DirAuth is painful
    • Solution: Create a 'from-date' for DirAuths in the DirAuth line and DirAuths will have a flag day automatically
  • Blacklisting relays needs to be done outside a specific time window.
    • Solution: This may not actually be a problem. But even so, Sebastian has a solution
  • It would be nice to get the BW Auth code testable in a test network automatically
  • Best practices document for how to manage the badexits/reject list and consensus parameters
  • Revisit every consensus parameter today, and ensure there is a plan to make it no longer a parameter in the future
  • Add a step in the tor alpha release process to consider if any consensus params can be hardcoded (so in n years they can be removed as a consensus param)
  • Write a best common practices document for changing Signing Keys
  • Write a best common practices document for running a DirAuth
    • Keep the Signing Key on a RAM-backed tmpfs
  • Figure out what is up with legacy keys. Either test it in an automated fashion or rip it out
  • Some people don't run 'BadExit' because there is no way to abstain from voting on a particular relay. You either vote yes or no.
    • But it's not clear that being able to Abstain actually works well.
    • Some people want to run a DirAuth to set policy, others to provide robustness
    • Setting policy is a disgareement point, and the current mechanism by which people do or don't set policy is suboptimal

Social requirements for running a DirAuth

  • Create an official, updated list of contact information shared among DirAuths
  • No clear consensus on response time expectations, mailing list discussion expectations, or responding to requests for action
  • No consensus about how to validate BadExit requests, DirAuth choice varies

Consensus-Health features Tom will add Update: Running in test on http://utternoncesense.com

  • Historical versions
  • Entire Identity Digest
  • Click, goes to globe, atlas
  • Historical per-relay (click a link, goes to the previous doc auto-scrolled)
  • todos in the code
Last modified 3 years ago Last modified on Mar 9, 2015, 11:03:58 AM