Re: [tor-relays] Authority Nodes

[Matt Westfall]

LOL this requirement:  - Should be run by somebody that Tor (i.e. Roger)
knows.

One thing that I think would help Tor a lot and have seen some discussions
on, would be a better 'trustworthy' way to measure bandwidth.  I know it's
measured a couple of different ways now, with 'observed' bandwidth and some
testing/probing from the directory authorities, but as outlined in your
e-mail adding more directory authorities is a tedious process at best, so
is there a way that something could be set up where Tor maintainers could
put a flag manually on a relay to indicate that it can and should, initiate
bandwidth tests and report them back to the actual authorities?

Matt Westfall
President & CIO
ECAN Solutions, Inc.
Everything Computers and Networks
804.592.1672
http://ecansol.com


On Sat, Jun 20, 2020 at 5:59 AM Roger Dingledine 
wrote:

> On Fri, Jun 19, 2020 at 07:10:43AM -0300, Vitor Milagres wrote:
> > I see the Authority Nodes are located only in North America and Europe.
> > I would like to contribute to the TOR network as much as possible. I am
> > currently running a node and I would like to make it an Authority Node as
> > well.
> > I am from Brazil and I believe it would possibly be a good idea to have a
> > new Authority Node in South America.
> > What are the requirements? What should I do to become one of them?
> > FYI, the node I am running is 79DFB0E1D79D1306AF03A4B094C55A576989ABD1
>
> Thanks for your interest in running a directory authority! Long ago we
> wrote up a set of goals for new directory authorities:
> https://gitweb.torproject.org/torspec.git/tree/attic/authority-policy.txt
>
> It is definitely an informal policy at this point, but it still gets
> across some of the requirements.
>
> If you're able to run an exit relay at your location, that's definitely
> more useful than another directory authority at this point.
>
> Also, because we haven't automated some steps, each new directory
> authority that we add means additional coordination complexity, especially
> when we identify misbehaving relays and need to bump them out of the
> network quickly.
>
> Here are two big changes since that document:
>
> (1) The directory authorities periodically find themselves needing to
> scale to quite large bandwidths -- sustaining 200mbit at a minimum,
> and being able to burst to 400mbit or 500mbit, is pretty much needed at
> this point:
> https://bugs.torproject.org/33018
>
> (2) Tor ships with hundreds of hard-coded relays called Fallback
> Directories, which distribute the load for bootstrapping into the Tor
> network, and which also provide alternate access points if the main
> directory authorities are blocked.
> https://trac.torproject.org/projects/tor/wiki/doc/FallbackDirectoryMirrors
> So while the directory authorities are still a trust bottleneck,
> they are less of a performance bottleneck than they used to be.
>
> In summary: if you want to run a directory authority, your next step
> is to join the Tor community, get to know us and get us to know you,
> come to one of the dev meetings (once the world is able to travel
> again), and see where things go from there.
>
> Thanks,
> --Roger
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Authority Nodes

[niftybunny]

This is really getting OT but anyway … nusenu is correct and 100% in the right 
with his lovably passiv aggressiv comment.

My fault, I fucked it up to set the family on the domflow server correct. With 
this virus thingy going on lots of lots of other stress I forgot but I am happy 
to know that we have a person who cares about the network.

Right now we have implemented the DDOS protection Teor gave me and as far as I 
can tell it works. No more daily DDOS for me.

I will fix the family with the next planed downtime, turns out half of a 
terabyte ram is not enough, ram was ordered, as soon as it arrives we will 
install it and reboot all servers with the new family config.

sorry about all the troubles.

nifty



> On 24. Jun 2020, at 12:50, Michael Gerstacker 
>  wrote:
> 
> Am Mo., 22. Juni 2020 um 22:28 Uhr schrieb nusenu  >:
> I would assume that operators running relays in an end-to-end correlation
> position [1] due to incomplete MyFamily configuration are not considered
> eligible to run a directory authority.
> 
> [1] https://nusenu.github.io/OrNetStats/endtoend-correlation-groups 
> 
> 
> 
> I just would like to remember that your list is not as useful as you think it 
> is.
> 
> I have an exit for some time now which i intentionally don't list in my 
> family because for reasons no one needs to know i don't want to be associated 
> with it
> (no i don't do traffic correlations attacks with it and i don't harm the 
> network or its users in any way).
> 
> I think this is a very good reason to not use the MyFamily option and anyway 
> some of the attacks teor pointed out can get mitigated when it's not visible 
> that the operator is the same one.
> 
> Technically your list should list it but it doesn't because just changing the 
> contact info and name is enough to not get recognized.
> 
> 
> And when it's about trust i would rather trust someone who fails to include 
> the (partially) useless and painful implemented MyFamily option then someone 
> who builds a list which is easy to fool and not solving its purpose but 
> annoying honest operators.
> 
> 
> Just saying.
> 
> 
> Cheers
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Authority Nodes

[Michael Gerstacker]

Am Mo., 22. Juni 2020 um 22:28 Uhr schrieb nusenu :

> I would assume that operators running relays in an end-to-end correlation
> position [1] due to incomplete MyFamily configuration are not considered
> eligible to run a directory authority.
>
> [1] https://nusenu.github.io/OrNetStats/endtoend-correlation-groups
>
>
I just would like to remember that your list is not as useful as you think
it is.

I have an exit for some time now which i intentionally don't list in my
family because for reasons no one needs to know i don't want to be
associated with it
(no i don't do traffic correlations attacks with it and i don't harm the
network or its users in any way).

I think this is a very good reason to not use the MyFamily option and
anyway some of the attacks teor pointed out can get mitigated when it's not
visible that the operator is the same one.

Technically your list should list it but it doesn't because just changing
the contact info and name is enough to not get recognized.


And when it's about trust i would rather trust someone who fails to include
the (partially) useless and painful implemented MyFamily option then
someone who builds a list which is easy to fool and not solving its purpose
but annoying honest operators.


Just saying.


Cheers
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Authority Nodes

[niftybunny]

> On 22. Jun 2020, at 22:28, nusenu  wrote:
> 
> I would assume that operators running relays in an end-to-end correlation
> position [1] due to incomplete MyFamily configuration are not considered
> eligible to run a directory authority.

Fair enough. I fucked it up.

nifty


signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Authority Nodes

[nusenu]

I would assume that operators running relays in an end-to-end correlation
position [1] due to incomplete MyFamily configuration are not considered
eligible to run a directory authority.

[1] https://nusenu.github.io/OrNetStats/endtoend-correlation-groups

It is probably a good thing to separate exit relay operations from directory
authority operations, we don't want to end up in a situation were a dir auth
become the collateral damage of an exit relay raid. 

I'm not sure if we even need more directory authorities
at this point.



-- 
https://mastodon.social/@nusenu



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Authority Nodes

[Tor-abuse]

Hi Roger,

what do we have to do to Opt-In as a Fallback Directory?


Am 20.06.2020 um 13:00 schrieb niftybunny:
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Authority Nodes

[niftybunny]

I cant find any “no rabbit rule” in this. So I am eligible?

> On 20. Jun 2020, at 11:59, Roger Dingledine  wrote:
> 
> On Fri, Jun 19, 2020 at 07:10:43AM -0300, Vitor Milagres wrote:
>> I see the Authority Nodes are located only in North America and Europe.
>> I would like to contribute to the TOR network as much as possible. I am
>> currently running a node and I would like to make it an Authority Node as
>> well.
>> I am from Brazil and I believe it would possibly be a good idea to have a
>> new Authority Node in South America.
>> What are the requirements? What should I do to become one of them?
>> FYI, the node I am running is 79DFB0E1D79D1306AF03A4B094C55A576989ABD1
> 
> Thanks for your interest in running a directory authority! Long ago we
> wrote up a set of goals for new directory authorities:
> https://gitweb.torproject.org/torspec.git/tree/attic/authority-policy.txt
> 
> It is definitely an informal policy at this point, but it still gets
> across some of the requirements.
> 
> If you're able to run an exit relay at your location, that's definitely
> more useful than another directory authority at this point.
> 
> Also, because we haven't automated some steps, each new directory
> authority that we add means additional coordination complexity, especially
> when we identify misbehaving relays and need to bump them out of the
> network quickly.
> 
> Here are two big changes since that document:
> 
> (1) The directory authorities periodically find themselves needing to
> scale to quite large bandwidths -- sustaining 200mbit at a minimum,
> and being able to burst to 400mbit or 500mbit, is pretty much needed at
> this point:
> https://bugs.torproject.org/33018
> 
> (2) Tor ships with hundreds of hard-coded relays called Fallback
> Directories, which distribute the load for bootstrapping into the Tor
> network, and which also provide alternate access points if the main
> directory authorities are blocked.
> https://trac.torproject.org/projects/tor/wiki/doc/FallbackDirectoryMirrors
> So while the directory authorities are still a trust bottleneck,
> they are less of a performance bottleneck than they used to be.
> 
> In summary: if you want to run a directory authority, your next step
> is to join the Tor community, get to know us and get us to know you,
> come to one of the dev meetings (once the world is able to travel
> again), and see where things go from there.
> 
> Thanks,
> --Roger
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



signature.asc
Description: Message signed with OpenPGP
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Authority Nodes

[Roger Dingledine]

On Fri, Jun 19, 2020 at 07:10:43AM -0300, Vitor Milagres wrote:
> I see the Authority Nodes are located only in North America and Europe.
> I would like to contribute to the TOR network as much as possible. I am
> currently running a node and I would like to make it an Authority Node as
> well.
> I am from Brazil and I believe it would possibly be a good idea to have a
> new Authority Node in South America.
> What are the requirements? What should I do to become one of them?
> FYI, the node I am running is 79DFB0E1D79D1306AF03A4B094C55A576989ABD1

Thanks for your interest in running a directory authority! Long ago we
wrote up a set of goals for new directory authorities:
https://gitweb.torproject.org/torspec.git/tree/attic/authority-policy.txt

It is definitely an informal policy at this point, but it still gets
across some of the requirements.

If you're able to run an exit relay at your location, that's definitely
more useful than another directory authority at this point.

Also, because we haven't automated some steps, each new directory
authority that we add means additional coordination complexity, especially
when we identify misbehaving relays and need to bump them out of the
network quickly.

Here are two big changes since that document:

(1) The directory authorities periodically find themselves needing to
scale to quite large bandwidths -- sustaining 200mbit at a minimum,
and being able to burst to 400mbit or 500mbit, is pretty much needed at
this point:
https://bugs.torproject.org/33018

(2) Tor ships with hundreds of hard-coded relays called Fallback
Directories, which distribute the load for bootstrapping into the Tor
network, and which also provide alternate access points if the main
directory authorities are blocked.
https://trac.torproject.org/projects/tor/wiki/doc/FallbackDirectoryMirrors
So while the directory authorities are still a trust bottleneck,
they are less of a performance bottleneck than they used to be.

In summary: if you want to run a directory authority, your next step
is to join the Tor community, get to know us and get us to know you,
come to one of the dev meetings (once the world is able to travel
again), and see where things go from there.

Thanks,
--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Authority Nodes

[mpan]

> I see the Authority Nodes are located only in North America and Europe.
> I would like to contribute to the TOR network as much as possible. I am
> currently running a node and I would like to make it an Authority Node as
> well.
> I am from Brazil and I believe it would possibly be a good idea to have a
> new Authority Node in South America.
> What are the requirements? What should I do to become one of them?
> FYI, the node I am running is 79DFB0E1D79D1306AF03A4B094C55A576989ABD1
Hello and thanks for running the exit node,

  If you mean the authorities like moria1, tor26 and so on, this is
unfortunately the part where we must put our trust in flesh machines
instead of clean algorithms. Therefore operators of those servers are
not just random people, who run nodes like you or me.

  I don’t know the exact selection process, but what I know is that
knowing the operator in person for a long time is one of the
prerequisities. That explains why authorities are located only in North
America and Europe. Another factor, but this is only my guess, may be
that the state must be perceived as relatively safe and non-interfering
in hidden, muddy or plainly illegal ways. This is why I would myself be
against running such an authority in my own country. But this is all I
can tell or guess.

Cheers



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Authority Nodes

[Vitor Milagres]

Hi,


I see the Authority Nodes are located only in North America and Europe.
I would like to contribute to the TOR network as much as possible. I am
currently running a node and I would like to make it an Authority Node as
well.
I am from Brazil and I believe it would possibly be a good idea to have a
new Authority Node in South America.
What are the requirements? What should I do to become one of them?
FYI, the node I am running is 79DFB0E1D79D1306AF03A4B094C55A576989ABD1


Thanks,
Vitor Milagres
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays