Directory authority (DA) operators meetup session notes 2018-03-12 14:30:12+0100

Facilitator: Micah

Note-taking: dkg


  • Fitness criteria:
    • how important is geographic diversity?
    • OS diversity
  • IPv6?
  • find out more about directory authorities
  • do we have enough? too many?
  • how do we deal with blocked directory authorities
  • guard pinning -- allow directory authorities to apply an unearned guard flag

note: we are excluding discussion of bandwidth authorities.

do dirauths all apply consensus parameters? apparently they all do.


dirauths weren't clearly designed to work dual-stack.

should it be?

Linus and Teor seem to be the people to talk to about it.

Linus: dirauths *should* be dual-stack, so that they can do reachability tests to the relays.

Proposal: require IPv6 on all directory authorities.

The directory port is used by a relay when it publishes a server config, but it is being deprecated. We don't want to introduce an IPv6 directory port.

IPv6 support: only 6 out of 9 support it.

Missing v6 authorities:

  • longclaw
  • moria1
  • dizum

we don't want every directory authority to use crappy HE tunnels, but it might be OK if one or two need to use it.

What happens for v6-only users? they use fallback consensus data, which is shipped with tor.

TODO: find how many v6 addresses are in the fallback list?

TODO: improve v6 connectivity of existing dirauths.

TODO: check whether v6 connectivity is a factor for inclusion in the fallback list.

Fitness criteria

Micah reports back from Seattle+Valencia (this is in an e-mail to the dirauth mailing list, and is on the wiki):

postit note+dot gunner scheme:

  • item (normal vote) [dirauth vote]
  • good social communication by operator (e.g. over IRC, e-mail) (8) [6]
  • operator response time (10) [5]
  • history of running high-availability high-risk (7) [5]
  • gender diversity (4) [2]
  • controlling bare metal (5) [4]
  • network robustness/link quality (6) [3]
  • OS diversity (5) [0]
  • geo-political/jurisdictional diversity (4) [1]
  • isolated services (3) [2]

use Tor test network to let people spin up dirauths. (talk to dgoulet about joining the tor test network)

This approach is a reasonable way to vet people's ability to interact with the rest of the community, which is an important part of how to choose a new authority.

Do we want a checklist? or a survey?

what would it look like? do we want existing dirauths to answer the surveys too? answer seems to be yes.

What would the survey look like?

TODO: micah generate first draft of survey/questionnaire, circulate it with existing dirauths for answering and feedback. for each question, note whether the answer should be published by Tor.

TODO: ln5 will run the draft survey by some of the DNS root operators to see what they might care about.

Geopolitical/jurisdictional diversity is weak: all are in EU/US/CA, but no one country hosts a majority.

one thing not noted above: relationships with your upstream provider.

dirauth number?

  • discussed running a new dirauth in a university: permission from a professor, but who is the local admin? who reboots the server when it's gone down?
  • in seattle, the ideal is 9, and there are frictions with larger numbers of directory authorities.
  • Adding a directory authority needs temporal coordination between all
  • killing a bad relay needs a majority of dirauths
  • do we want to encourage anyone to step down from operating a directory authority? term limits?
  • do we want dirauths to be operated by multiple admins? currently all dirauths are single-operator, and the redundancy comes from the pool, not from individual dirauths.
  • would increasing the size of the pool help to break the cabal-like nature of the current set of dirauths?
  • can we do community outreach? would survey answer publication support this?
  • arma thinks 5 is probably too small and 25 is probably too many.

blocked directory authorities?

longclaw unreachable from Chile, took months to discover.

VTR is the Chilean ISP with 80% of Chilean users.

OONI detected the block.

derechos digitales set up a meeting with the ISP, got to a second meeting with the technical team.

that team described a group of ISPs that distributes IOCs that include blocks of IP addresses, as part of defense against wannacrypt. ISPs also blocked domain names.

Vasilis has a paper about it, probably linked from posts in tor blog.

not a problem for users, but is a problem for relay operators, particularly for relays listed in the fallback directory.

This seems related to the question about OONI's vanilla Tor test.

TODO: research the best ways to measure reachability of directory authorities (this is useful for relay operators)

TODO: research reachability of nodes in fallback directory (useful for end users) (ticket: #25534)

TODO: vasilis will add directory authorities IP+port to OONI's TCP connect test. (already implemented some time ago. Thanks: dcf)

TODO: OONI should have an SSL handshake test that shows the certificate; use that to the directory authorities. (ticket: #25538)

TODO: connect to people who receive these IOC reports, and get them to alert Tor if important addresses are present on those lists.
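
The check behind the last TODO, as an added example (not part of the meeting notes and not code from Tor or OONI): given an IOC feed of addresses and CIDR blocks, flag every entry that covers a directory authority or fallback address, for IPv4 and IPv6. The feed format, the names and the documentation-range addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample data: documentation-range addresses stand in for real
# directory authority / fallback addresses (assumption, not from the notes).
CRITICAL = {
    "dirauth-A": ["192.0.2.10", "2001:db8:10::1"],
    "dirauth-B": ["198.51.100.77"],
    "fallback-C": ["203.0.113.5", "2001:db8:beef::5"],
}

# Constructed IOC feed (hypothetical format): one address or CIDR block per
# line, '#' starts a comment.
IOC_FEED = """\
# campaign feed (constructed)
198.51.100.0/24
203.0.113.200
2001:db8:beef::/48
not-an-address
10.0.0.0/8
"""

def parse_feed(text):
    """Return (networks, rejected_lines); a malformed line never aborts the run."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=False accepts entries with host bits set, e.g. 198.51.100.7/24
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            rejected.append(line)
    return nets, rejected

def find_collisions(critical, nets):
    """List (name, address, ioc_entry) for each critical address an IOC entry covers."""
    hits = []
    for name, addrs in sorted(critical.items()):
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            for net in nets:
                if ip.version == net.version and ip in net:
                    hits.append((name, addr, str(net)))
    return hits

if __name__ == "__main__":
    nets, rejected = parse_feed(IOC_FEED)
    for name, addr, net in find_collisions(CRITICAL, nets):
        print(f"ALERT {name} {addr} is covered by IOC entry {net}")
    print("unparsed feed lines:", rejected)
```

Rejected lines are reported rather than dropped silently, since a feed entry that fails to parse could hide a block that matters.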

Last modified on Mar 19, 2018, 6:02:01 PM