[tor-dev] DoH over non-HTTPS onion v3

certificates acceptable to the CA/Browser Forum (if that is possible then the HTTPS requirement isn't a problem for DoH over onion v3). regards, nusenu [1] https://datatracker.ietf.org/doc/draft-ietf-doh-dns-over-https -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description

[tor-dev] DNS resolution isolation in Tor Browser

) -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

[tor-dev] DNS resolution isolation in Tor Browser

Is that correct? thanks! [1] https://www.torproject.org/projects/torbrowser/design/#identifier-linkability -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev

[tor-dev] is that the correct URL in the TBB design document?

r. "lack a fix altogether" links back to the design document itself: https://www.torproject.org/projects/torbrowser/design/ is that the correct URL or a copy-paste error? thanks! -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPG

[tor-dev] DNS-over-HTTPS (DOH) in Firefox/Torbrowser

DNS themselves over TCP connections instead of relying on the exit (even if torbrowser is not the only tor client). thanks, nusenu [0] https://www.ghacks.net/2018/03/20/firefox-dns-over-https-and-a-worrying-shield-study/ [1] https://datatracker.ietf.org/doc/draft-hoffman-dns-over-https

Re: [tor-dev] BandwidthRate minimal values

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://trac.torproject.org/projects/tor/ticket/26094 - -- https://mastodon.social/@nusenu twitter: @nusenu_ -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEElpDPH7u0KYWVTfK7rWE4wkXNQn4FAlr4IKwACgkQrWE4wkXN Qn4UQBAAvMTK4YXUZbqxnw8c//UIriawL

Re: [tor-dev] connectivity failure for top 100 relays

that and I misunderstood your question? -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] onion v2 deprecation plan?

made them child tickets of https://trac.torproject.org/projects/tor/ticket/25955 lets try to link all relevant tickets there -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-

[tor-dev] minor website update request: have the tor-relay guide ready for Ubuntu 18.04

guide ready for the new Ubuntu LTS nearly at the same time when the release is happening. (I won't be bothering you with non-tor-relay-guide related website updates anymore). thanks, nusenu [1] https://trac.torproject.org/projects/tor/ticket/25888 -- https://mastodon.social/@nusenu twitter

[tor-dev] onion v2 deprecation plan?

Hi, even though you are probably years away from deprecating onion v2 services it is certainly good to have a clear plan. I'm asking because the sooner onion v2 are deprecated the sooner some people can stop worrying about malicious HSDirs. thanks, nusenu -- https://mastodon.social/@nusenu

[tor-dev] Lets give every circuit its own exit IP?

l provide the list of exit IPs for easy blocking? Exits could signal their used netblock via their descriptor. What if they don't? (that in turn opens new kinds of attacks where an exit claims to be /0 and the target effectively blocks everything) - more state to track and store at the exit -...

Re: [tor-dev] Is OutboundBindAddress respected during ORPort IP auto detection?

://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

[tor-dev] Is OutboundBindAddress respected during ORPort IP auto detection?

2.2.2", but that was not necessary previously(?) My assumption here: During auto detection the OutboundBindAddress configuration directive is not relevant. Is that the case? Or why does tor auto-detect IP 1.1.1.1 for instance on 2.2.2.2 even though OutboundBindAddress is used? than

Re: [tor-dev] Consensus-health single-relay data

nionoo does currently (and it is a lot more data to take). -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/c

Re: [tor-dev] DocTor Check for <3 bw auth votes available

> Hi nusenu, the notice pretty clearly says that one isn't present... > > "NOTICE: The following directory authorities are not reporting > bandwidth scanner results: gabelmoo" > https://lists.torproject.org/pipermail/tor-consensus-health/2018-February/008624.html (email

Re: [tor-dev] DocTor Check for <3 bw auth votes available

Damian Johnson: > Hi nusenu, hi teor. We already have a check that we have the expected > bandwidth authorities... > By reading today's emails from https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-consensus-health it is not clear that we are currently with <3 bw a

[tor-dev] DocTor Check for <3 bw auth votes available

Hi Damian, would be great to have a check in DocTor that sends out an email for "there are less than 3 bw auth voting auths available" thanks, nusenu -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital

Re: [tor-dev] monitoring significant drops of flags in dirauth votes

about most (or filter those that we do not care about) -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/m

Re: [tor-dev] monitoring significant drops of flags in dirauth votes

us-health] NOTICE: moria1 had 1397 Guard flags in its vote but > the consensus had 1761 I assume this has not been deployed - 50% or maybe 40% are fine I guess. To come up with good threshold values one would need to look at historic data for t

Re: [tor-dev] moria1 had 756 HSDir flags in its vote but, the consensus had 2583

ter but all in all nothing to worried about > there as it is expected. Thanks for the explanation! I tried to find it on trac, I guess this is: https://trac.torproject.org/projects/tor/ticket/19162 -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signa

Re: [tor-dev] monitoring significant drops of flags in dirauth votes

> Thanks nusenu! Nice idea, added it to DocTor... thanks for implementing the new check so fast. > https://gitweb.torproject.org/doctor.git/commit/?id=8945013 > > It gives a notice if flags issued by an authority are 50% different > from the conensus. Presently there's on

[tor-dev] monitoring significant drops of flags in dirauth votes

-dirauthvote-per-flag (mainly guard, exit, hsdir - we have already running) graphs as well we could spot such events (and even trends) better. (btw: what caused there recent flat-line in graphs on 2018-02-03 - 2018-02-05) What do you think? thanks for considering it, nusenu [1] https

[tor-dev] BandwidthRate minimal values (was: Re: [tor-relays] Report on the FOSDEM relays meetup)

etwork, this needs to be at the very least 75 KBytes for a relay (that is, 600 kbits) or 50 KBytes for a bridge (400 kbits) but of course, more is better; we recommend at least 250 KBytes (2 mbits) if possible. If you are open to it I'll submit a patch via tra

[tor-dev] onionoo: varnish 503

https://onionoo.torproject.org/details?search=123 > Error 503 Backend fetch failed > > Backend fetch failed > Guru Meditation: > Varnish cache server thanks for having a look -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP di

Re: [tor-dev] onionoo.tpo stuck at 2018-02-02 19:00

thank you for bringing it back! -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor

Re: [tor-dev] small fixes for the sources.list generator (and new options)

nusenu: > If someone with commit privileges has time to review and merge > before the weekend that would be great. teor marked the ticket as merge_ready on 2018-01-31, does anyone with commit privileges have time to merge it? https://trac.torproject.org/projects/tor/ticket/25107

Re: [tor-dev] onionoo.tpo stuck at 2018-02-02 19:00

Karsten Loesing: > On 2018-02-03 12:53, nusenu wrote: >> >> >> Karsten Loesing: >>> On 2018-02-03 01:32, nusenu wrote: >>>> thanks for looking into it >>> >>> Looks like the CollecTor host is down, along with several other hosts.

Re: [tor-dev] onionoo.tpo stuck at 2018-02-02 19:00

Karsten Loesing: > On 2018-02-03 01:32, nusenu wrote: >> thanks for looking into it > > Looks like the CollecTor host is down, along with several other hosts. I > sent mail to the admins. Does that imply that we are actually loosing raw CollecTor data until it comes

Re: [tor-dev] onionoo.tpo stuck at 2018-02-02 19:00

thanks for looking into it -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] small fixes for the sources.list generator (and new options)

> Please fix "from source", or open another ticket so we don't forget to fix it. done. > Did you fix the JavaScript and non-JavaScript versions of the page? yes. -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP d

[tor-dev] small fixes for the sources.list generator (and new options)

tor alpha version to 0.3.3.x Bug 25107: Update the tor alpha version (noscript page version) Bug 25107: fix sources.list generator for Debian Buster If someone with commit privileges has time to review and merge before the weekend that would be great. https://github.com/nusenu/torproject

Re: [tor-dev] website patches for new Tor relay guide sidenav entry

se an upcoming blog post. thanks, nusenu -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

[tor-dev] trac component for check.tpo?

what is the correct trac component to report that check.tpo is down? Webpages/Website? http://downforeveryoneorjustme.com/check.torproject.org -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature

Re: [tor-dev] onionoo.tpo stuck at 2018-01-21 22:00

was redundant to your nagios check? Would it be possible to publish these alerts on a mailing list? :) -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torp

Re: [tor-dev] [tor-relays] Marker branch for current tor release(s)

gt; Has the reasoning changed? If there will be a canonical alpha release branch in git, a debian repo based on that might happen more likely? (like the debian repo following master) -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature

[tor-dev] website patches for new Tor relay guide sidenav entry

. I will try to ensure they apply (rebase) shortly before you have time to look at them if you can tell me approximately when that will be. thanks, nusenu -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature

Re: [tor-dev] tor failing to resolve some dns records

cts/tor/ticket/24937 -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] onionoo.tpo stuck at 2018-01-21 22:00

mething like that useful? Thanks for keeping it running besides all the other things you do. I'm wondering if the admin team would be available to cover such cases to reduce the operations load for developers. kind regards, nusenu -- https://mastodon.social/@nusenu twitter: @nusenu_ signatu

[tor-dev] onionoo.tpo stuck at 2018-01-21 22:00

01-21 22:00:00", This is currently blocking ornetradar reports. thanks for having a look, nusenu -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists

Re: [tor-dev] Why do DirAuths take that long to update a relay's version information?

to track this https://trac.torproject.org/projects/tor/ticket/24864 -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

[tor-dev] Why do DirAuths take that long to update a relay's version information?

project.org/projects/tor/attachment/ticket/22488/task-22488-relay-versions.csv.gz -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

[tor-dev] Call for review of Tor Relay Guide (#24497)

/wiki/TorRelayGuide If there are major changes you would like to see please discuss them on the ticket before proceeding in the wiki: https://trac.torproject.org/projects/tor/ticket/24497 looking forward to your feedback and reviews! thanks, nusenu -- https://mastodon.social/@nusenu twitter

[tor-dev] #24526: neeeds review: require ContactInfo+MyFamily for multi-relay operators

Hi, it would be great if someone could review this change so we can move forward on this topic: https://gitweb.torproject.org/nickm/tor.git/commit/?h=bug24526=fbb6f9a1865a923ca97c57757a694532faf9fe93 https://trac.torproject.org/projects/tor/ticket/24526#comment:7 thanks, nusenu -- https

Re: [tor-dev] Did tor-wiki-changes ML break?

thanks for bringing this service back! -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman

Re: [tor-dev] Did tor-wiki-changes ML break?

Hello Damian, Damian Johnson: > Hi nusenu. Yup, I was just thinking about that. CenturyLink did some > work on my apartment's connection yesterday that knocked it offline. > Probably just needs the router to be rebooted but I'm visiting with > family through new years so the

[tor-dev] trac.tpo issues

:) thanks, nusenu -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] Did tor-wiki-changes ML break?

uld the torproject provide you with a VM to run that service? thanks, nusenu -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://li

Re: [tor-dev] path selection constraints: /16 subnet rule when using bridges

.1.2.2 - exit has 1.1.2.3 - tor client connects to the bridge using IPv6 Will the client use that exit if it connects to the bridge via IPv6? thanks, nusenu -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___

[tor-dev] Did tor-wiki-changes ML break?

Hi Damian, it appears to be the case that wiki changes are no longer send to this ML. Could you have a look? https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-wiki-changes thank you! nusenu -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP

Re: [tor-dev] path selection constraints: /16 subnet rule when using bridges

Thanks for confirming. -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

[tor-dev] path selection constraints: /16 subnet rule when using bridges

Hi, does the following also apply if a Tor users chooses to use a bridge? > - We do not choose more than one router in a given /16 subnet [1] Will tor ensure that the relays are not in the same /16 netblock with the bridge? thanks, nusenu [1] https://gitweb.torproject.org/torspec.

Re: [tor-dev] How about capping single operators to max. 10% exit capacity of the network?

a. That is indeed a good point. I agree that relative caps would be dangerous in that regard. Absolute single relay cw caps do not have that problem and would prevent insane cw values like >80. I'll setup automatic notifications if certain thresholds are reached. thanks for your feedba

Re: [tor-dev] How about capping single operators to max. 10% exit capacity of the network?

tion of someone's contribution, so they should be handled very > carefully.) I see your point. Also note that there are operators that would actually appreciate such a limit because they do not want to run more than X% (see tor-relays@). thanks for your reply, nusenu -- https://mastodon.s

[tor-dev] How about capping single operators to max. 10% exit capacity of the network?

Hi, since a single operator now controls more than 10% of the tor network's exit capacity I wanted to bring this up here (again [1]). What do you think about capping single operators (family) to 10% exit capacity and 5% for guard operators? regards, nusenu [1] https://lists.torproject.org

Re: [tor-dev] A ContactInfo specification

fort to make that > possible). I should include an URL to Sebastian's ticket: https://trac.torproject.org/projects/tor/ticket/24194 -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev maili

Re: [tor-dev] A ContactInfo specification

g key expiry information in descriptors. I like Sebastian's idea but I also agree to your opt-in remark - which means that we will likely not get much data at all (how many relay operators will opt-in vs. the effort to make that possible). -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.

[tor-dev] onionoo.tpo stuck at 2017-10-25 04:00?

5 04:00:00", (please let me know if you have automated monitoring/alerting so I know that these emails are not useful) thanks, nusenu -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___

Re: [tor-dev] Reporting Relay Bandwidth Less Often

n more? -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] A ContactInfo specification

elay security, so if they can be linked > to the relay, they should be opt-in. All fields are opt-in and can be linked to the relay if they are published, but if there are concerns about publishing+collecting that information I can remove these fields. -- https://mastodon.social/@nusenu twitter: @nus

Re: [tor-dev] A ContactInfo specification

ent list can not be automated though. Do you consider the following torrc _settings_ too sensitive to publish by relays (without an aggregation scheme)? - OfflineMasterKey setting (0/1) - SigningKeyLifetime - Sandbox (0/1) - Schedulers -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc

[tor-dev] A ContactInfo specification

defaults. The entire document can be found here: https://github.com/nusenu/ContactInfo-Information-Shareing-Specification regards, nusenu [1] https://lists.torproject.org/pipermail/tor-relays/2017-October/013274.html -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc

[tor-dev] metrics: collecting circuit build failures from relays to detect network reachability issues and broken relays

on a proposal. This entire idea would be an opt-in torrc setting at the beginning and a opt-out feature once we are more confident about its implications and safety. Please let me know what you think about this idea. regards, nusenu [1] https://lists.torproject.org/pipermail/tor-project/2017-October

Re: [tor-dev] non-ASCII handling in tor and onionoo

://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

[tor-dev] non-ASCII handling in tor and onionoo

ry correct? Currently non-ASCII is not compliant with the spec but your consensus is that non-ASCII chars should be supported but no one got around to patch the spec and implementation. thanks, nusenu -- https://mastodon.social/@nusenu twitter: @nusenu_ signature.asc Description: OpenPGP digital

Re: [tor-dev] Your input on the Tor Metrics Roadmap 2017/18

el pages showing aggregated graphs https://trac.torproject.org/projects/tor/ticket/23509 and realized that it would be much more powerful to graph whatever the the user found with an arbitrary search term. The problem with that is probably scalability as searches might result in many hundret

Re: [tor-dev] Auto-senescence and/or CW penalty for a less outdated tor network?

tion for dir auths like recommended version. (3) will not stop old relays from contacting dir auths. > We have a ticket to make a plan to kill off old client versions: > https://trac.torproject.org/projects/tor/ticket/15940 > But there's no equivalent ticket for relay v

[tor-dev] Auto-senescence and/or CW penalty for a less outdated tor network?

tps://consensus-health.torproject.org/#recommendedversions [3] https://gitweb.torproject.org/torspec.git/tree/proposals/264-subprotocol-versions.txt#n133 [4] https://gist.github.com/nusenu/1302a04b26dac8e2ef838117f5f3fd2b So back to Alfie's suggestion. If tor should shutdown when 'too old' we have to kno

[tor-dev] onionoo.tpo stuck at 2017-06-12 12:00?

Hi, just wanted to let you know that the delta between relays_published and current time is unusually high. https://onionoo.torproject.org/details?limit=0 {"version":"4.0", "relays_published":"2017-06-12 12:00:00", -- https://mastodon.so

[tor-dev] specific From: for tor-bugs ML emails (like tor-wiki-changes)

r Bug Tracker & Wiki") regards, nusenu -- https://mastodon.social/@nusenu https://twitter.com/nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/c

Re: [tor-dev] onionoo.tpo hardly reachable

oject.org/ -- https://mastodon.social/@nusenu https://twitter.com/nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] onionoo.tpo hardly reachable

a mirror (it might take a bit longer than a day since the initial onionoo import of all these CollecTor archives will take its time) -- https://mastodon.social/@nusenu https://twitter.com/nusenu_ signature.asc Description: OpenPGP digital signature _

Re: [tor-dev] onionoo.tpo hardly reachable

oo(+atlas) mirror is certainly helpful from my point of view. -- https://mastodon.social/@nusenu https://twitter.com/nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torprojec

Re: [tor-dev] onionoo.tpo hardly reachable

ny data. > >> Any ETA on when this will improve? > > It should be better now. If it's still bad after the weekend, we'll > make a new plan. It got better after your email, but now it is back at 4 out of 5 atlas searches running into a backend error message. -- https://mastodon.socia

[tor-dev] onionoo.tpo hardly reachable

Hi Karsten, onionoo is hardly reachable since about 17 hours ago. Is this only externally facing or will this also cause onionoo to miss descriptors internally? Any ETA on when this will improve? thanks, nusenu -- https://mastodon.social/@nusenu https://twitter.com/nusenu_ signature.asc

Re: [tor-dev] man page: MyFamily

ersion (instead of no version). -- https://mastodon.social/@nusenu https://twitter.com/nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/li

Re: [tor-dev] man page: MyFamily

nusenu: > no one is using nicknames anymore, or onionoo does not display > fingerprints?) Are nicknames still supported? correction, I found some nicknames in onionoo's alleged_family field of the following relays, so they use it, but didn't find any in effective_family. So it should b

[tor-dev] man page: MyFamily

s" to "This option can be repeated many times, for multiple fingerprints" (from one relay's view there is only one family) nusenu inline patch below (I can paste it to trac if you like) [1] https://gitweb.torproject.org/tor.git/commit/?id=d76cffda601eed40d6a81eadb1240d98ee1e70a2 htt

Re: [tor-dev] making sure I configure OutboundBindAddressExit correctly

;OR") for IPv6 as well (IPv6 ORPort line is already in place). https://github.com/nusenu/ansible-relayor/commit/d708e9c85963455de1975a0af4e30414f7118ec0 > Also, the documentation is unclear, and we need to fix it: > https://trac.torproject.org/projects/tor/ticket/22145 That was me fil

[tor-dev] making sure I configure OutboundBindAddressExit correctly

instances on the same host use the same OutboundBindAddressExit address? (ignoring the fact that big exits might run out of source ports?) thanks, nusenu [1] https://github.com/nusenu/ansible-relayor/commit/00fa7c571e8b6f6256092d992831598ad73201db -- https://mastodon.social/@nusenu https

Re: [tor-dev] minimizing traffic for IoT Tor node over 3G/LTE

rproject.org/projects/tor/ticket/13339 -- https://mastodon.social/@nusenu https://twitter.com/nusenu_ signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi

Re: [tor-dev] minimizing traffic for IoT Tor node over 3G/LTE

er-bw-granularity.txt https://gitweb.torproject.org/torspec.git/tree/proposals/277-detect-id-sharing.txt https://gitweb.torproject.org/torspec.git/tree/proposals/278-directory-compression-scheme-negotiation.txt -- https://mastodon.social/@nusenu https://twitter.com/nusenu_ signature.asc D

Re: [tor-dev] Rethinking Bad Exit Defences: Highlighting insecure and sensitive content in Tor Browser

Tom Ritter: > It seems reasonable but my first question is the UI. Do you have a > proposal? The password field UI works, in my opinion, because it > shows up when the password field is focused on. Assuming one uses the > mouse to click on it (and doesn't tab to it from the username) - they >

Re: [tor-dev] generate relay fingerprint without tor given the datadir/keys folder?

> Not as messy as I thought though: > $ openssl rsa -in secret_id_key -outform DER -RSAPublicKey_out | sha1 thank you signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org

[tor-dev] generate relay fingerprint without tor given the datadir/keys folder?

] the RSA public key should be in keys/secret_id_key. openssl rsa -in secret_id_key -pubout| ..? |sha1sum thanks, nusenu [1] > "fingerprint" fingerprint NL > >[At most once] > >A fingerprint (a HASH_LEN-byte of asn1 encoded public key, encoded in &g

Re: [tor-dev] how to enable IPv6 exiting - aka "how to get p6 lines into your microdescriptors"

nusenu: > tldr; How do you enable IPv6 exiting in torrc? > > the following torrc part is apparently _not_ enough: > > IPv6Exit 1 > ExitRelay 1 > ExitPolicy reject *:25 > ExitPolicy accept *:* > ExitPolicy reject6 *:25, accept6 *:*# AFAIU from the tor man page &g

Re: [tor-dev] ExitPortStatistics interpretation

Karsten Loesing: >> Oh thanks, so it is not possible to find out which is the most frequent >> exit port by number of streams opened, that's a pity. > Well, that one is easy: port 80. :) Ok, maybe I should have said that differently: "so it is not possible to find out which are the top 10 (or

Re: [tor-dev] ExitPortStatistics interpretation

Karsten Loesing: > Those are the 10 ports with the highest number of (written and read) > bytes, unrelated to the number of stream. And all lines below report > statistics for these 10 ports plus "other". Oh thanks, so it is not possible to find out which is the most frequent exit port by

Re: [tor-dev] onionoo: understanding 'exit_policy_v6_summary'

Karsten Loesing: > Not much we can do in Onionoo here, I'm afraid. I agree that is what I meant with: > Since none of the microdescriptors of that relay in Jan 2017 contained a > "p6" line onionoo works as expected. sorry to bother you. signature.asc Description: OpenPGP digital signature

[tor-dev] ExitPortStatistics interpretation

=1092,443=3499276,5000=29600,5753=8920,6881=43496,8080=31184,8333=472,8999=16572,51413=51496,other=1925104 so the ports 80 182 443 5000 5753 6881 8080 8333 8999 51413 are the most used exit ports on that given relay (not by that order). thanks, nusenu [1] https://gitweb.torproject.org/torspec.git

Re: [tor-dev] how to enable IPv6 exiting - aka "how to get p6 lines into your microdescriptors" (was: onionoo: understanding 'exit_policy_v6_summary')

tldr; How do you enable IPv6 exiting in torrc? the following torrc part is apparently _not_ enough: IPv6Exit 1 ExitRelay 1 ExitPolicy reject *:25 ExitPolicy accept *:* ExitPolicy reject6 *:25, accept6 *:*# AFAIU from the tor man page this line is redundant

Re: [tor-dev] onionoo.tpo stuck at 2017-01-27 13:00

>> I assume you are already aware that onionoo is currently a bit behind >> (2017-01-27 13:00). > > Yes, I'm upgrading to protocol version 3.2 Thanks! Looking forward to see #20994 deployed. signature.asc Description: OpenPGP digital signature ___

Re: [tor-dev] onionoo.tpo stuck at 2017-01-27 13:00

Karsten Loesing: > If you notice similar problems in the future, be sure to let us know! > We do have a few checks in place, but this issue slipped through > somehow. I assume you are already aware that onionoo is currently a bit behind (2017-01-27 13:00).

[tor-dev] onionoo: understanding 'exit_policy_v6_summary'

lay rejects all connections to IPv6 addresses. thanks, nusenu [1] https://atlas.torproject.org/#details/5E762A58B1F7FF92E791A1EA4F18695CAC6677CE {"nickname":"sorrentini","fingerprint":"5E762A58B1F7FF92E791A1EA4F18695CAC6677CE","or_addresses":[

[tor-dev] log: ORPort/DirPort address does not match descriptor address

ces (with >1 public IP). https://github.com/nusenu/ansible-relayor/issues/101 thanks, nusenu signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] RFC: Tor long-term support policy

> == Plan for current releases == > > 0.2.4.x, 0.2.6.x, and 0.2.7.x, will all receive at least one more >stable release. Support for them will end on 1 August 2017. > > 0.2.8.x will be supported until 1 January 2018. > > 0.2.5.x is retroactively declared an LTS release, and will be >

[tor-dev] ExcludeExitNodes and ExcludeNodes but no "ExcludeEntryNodes"?

in the guard position than to exclude it completely via ExcludeNodes + StrictNodes since guards are used for a longer timeperiod. thanks, nusenu signature.asc Description: OpenPGP digital signature ___ tor-dev mailing list tor-dev@lists.torproject.org https

Re: [tor-dev] blacklisting relays with end-to-end correlation capabilities?

Sebastian Hahn wrote (2016-12-08): >> On 08 Dec 2016, at 14:03, nusenu <nus...@openmailbox.org> wrote: >> >> Dear tor directory authorities, >> >> TLDR: Would you blacklist relays with end-to-end correlation capabilities? > > > I do not think that t

Re: [tor-dev] automatically detect many new identical/similar bridges

>> I'm not sure I understand what you mean by brute-forcing in this case >> since I would not suggest any deterministic algorithm (like a hash) that >> takes an ASname and a timestamp and produces a string but just a >> AS number -> random id >> mapping, stored for a day or an hour and deleted

[tor-dev] CollecTor: contactinfo sanitization on bridge descriptors (was: automatically detect many new identical/similar bridges)

Dear CollecTor devs, > https://collector.torproject.org/#bridge-descriptors >> 5. Replace contact information: If there is contact information in a >> descriptor, the contact line is changed to somebody. would you be willing to change this to allow 1:1 mapping (one way but not a hash) from the

[tor-dev] automatically detect many new identical/similar bridges

learn the AS in which a new bridge is added if they added a bridge in the same AS on the same day. To reduce this problem it could be a hourly generated identifier. regards, nusenu [1] https://lists.torproject.org/pipermail/tor-project/2016-December/000851.html signature.asc Description

<    1   2   3   4   >