There seems to be a consensus toward building a web of trust. Thinking about it again, I don't like much the direction it is going.
I see tor as a web of untrust actually. I never much appreciated the power already granted to directory authorities. I want to be able to use any relay (I choose) as guard or exit easily (at the operator's discretion), but currently unless Im mistaken I need to wait for those authorities to flag them as appropriate.
Some of this power makes sense at the network level to balance traffic fluently between relays and decrease the probability of bad actors obtaining meaningful data, but others like the recent ban initiated by nunseu sounds like abuse to me. His proposal moves forward in that direction imo.
To be clear, I rely on him and others monitoring the network for bad actors and I believe they made the right move when kicking them off.
However I think it would be preferable to keep as much as possible the open design at the network level. Anything trying to build a web of trust should be completely separate, for instance published white and blacklists. Authorities flagging relays with verified email or physical addresses could publish their lists, and this could be used by the clients with the default configuration. But no single relay - however bad someone thinks it is - should be kicked off the network by the network itself. Especially not on the basis of individual human decisions.
There are a lot of other ways to mitigate sybil attacks, and contrary to the blog post statement that tor can handle some malicious relay only, I believe the design allows for a network entirely powered by malicious relays provided they are belonging to different actors and sufficiently distributed amongst them. I personally would not trust any relay Im not operating directly.
Isn't it a good time to move more decisions to the clients, like choosing between speed vs randomness, agreeing on blacklists/whitelists of some authority, etc? Im sorry if I missed some obvious goals of the project or that Im bringing up previously discussed options.
c