Directory authority (DA) operators meetup session notes 2018-03-12 14:30:12+0100

Facilitator: Micah

Note-taking: dkg


  • Fitness criteria:
    • how important is geographic diversity?
    • OS diversity
  • IPv6?
  • find out more about directory authorities
  • do we have enough? too many?
  • how do we deal with blocked directory authorities
  • guard pinning -- allow directory authorities to apply an unearned guard flag

note: we are excluding discussion of bandwidth authorities.

do dirauths all apply consensus parameters? apparently they all do.


dirauths weren't clearly designed to work dual-stack.

should it be?

Linus and Teor seem to be the people to talk to about it.

Linus: dirauths *should* be dual-stack, so that they can do reachability tests to the relays.

Proposal: require IPv6 on all directory authorities.

The directory port is used by a relay when it publishes a server config, but it is being deprecated. We don't want to introduce an IPv6 directory port.

IPv6 support: only 6 out of 9 support it.

Missing v6 authorities:

  • longclaw
  • moria1
  • dizumm

we don't want every directory authority to use crappy HE tunnels, but it might be OK if one or two need to use it.

What happens for v6-only users? they use fallback consensus data, which is shipped with tor.

TODO: find how many v6 addresses are in the fallback list?

TODO: improve v6 connectivity of existing dirauths.

TODO: check whether v6 connectivity is a factor for inclusion in the fallback list.

Fitness criteria

Micah reports back from Seattle+Valencia (this is in an e-mail to the dirauth mailing list, and is on the wiki):

postit note+dot gunner scheme:

  • item (normal vote) [dirauth vote]
  • good social communication by operator (e.g. over IRC, e-mail) (8) [6]
  • operator response time (10) [5]
  • history of running high-availability high-risk (7) [5]
  • gender diversity (4) [2]
  • controlling bare metal (5) [4]
  • network robustness/link quality (6) [3]
  • OS diversity (5) [0]
  • geo-political/jurisdictional diversity (4) [1]
  • isolated services (3) [2]

use Tor test network to let people spin up dirauths. (talk to dgoulet about joining the tor test network)

This approach is a reasonable way to vet people's ability to interact with the rest of the community, which is an important part of how to choose a new authority.

Do we want a checklist? or a survey?

what would it look like? do we want existing dirauths to answer the surveys too? answer seems to be yes.

What would the survey look like?

TODO: micah generate first draft of survey/questionaire, circulate it

with existing dirauths for answering and feedback. for each question, note whether the answer should be published by Tor.

TODO: ln5 will run the draft survey by some of the DNS root operators

to see what they might care about.

Geopolitical/jurisdictional diversitry is weak: all are in EU/US/CA, but no one country hosts a majority.

one thing not noted above: relationships with your upstream provider.

dirauth number?

  • discussed running a new dirauth in a university: permission from a professor, but who is the local admin? who reboots the server when it's gone down?
  • in seattle, the ideal is 9, and there are frictions with larger numbers of directory authorities.
  • Adding a directory authority needs temporal coordination between all
  • killing a bad relay needs a majority of dirauths
  • do we want to encourage anyone to step down from operating a directory authority? term limits?
  • do we want dirauths to be operated by multiple admins? currently all dirauths are single-operator, and the redundancy comes from the pool, not from individual dirauths.
  • would increasing the size of the pool help to break the cabal-like nature of the current set of dirauths?
  • can we do community outreach? would survey answer publication support this?
  • arma thinks 5 is probably too small and 25 is probably too many.

blocked directory authorities?

longclaw unreachable from Chile, took months to discover.

VTR is the Chilean ISP with 80% of chilean users.

OONI detected the block.

derechos digitales set up a meeting with the ISP, got to a second meeting wit hthe technical team.

that team described a group of ISPs that distributes IOCs that include blocks of IP addresses, as part of defense against wannacrypt. ISPs also blocked domain names.

Vasilis has a paper about it, probably linked from posts in tor blog.

not a problem for users, but is a problem for relay operators, particularly for relays listed in the fallback directory.

This seems related to the question about OONI's vanilla Tor test.

TODO: research the best ways to measure reachability of directory

authorities (this is useful for relay operators)

TODO: research reachability of nodes in fallback directory (useful for

end users) (ticket: #25534)

TODO: vasilis will add directory authorities IP+port to OONI's TCP

connect test. (| already implemented some time ago. Thanks: dcf)

TODO: OONI should have an SSL handshake test that shows the

certificate; use that to the directory authorities. (ticket: #25538)

TODO: connect to people who receive these IOC reports, and get them to

alert Tor if important addresses are present on those lists.

Last modified 22 months ago Last modified on Mar 19, 2018, 6:02:01 PM