MyFamily and ContactInfo fields are required for operators running multiple tor instances
Hi,
I'd like to highlight that today the following two sentences requiring ContactInfo and MyFamily for operators running multiple relays got added to the tor manual page [1]:
ContactInfo **must** be set to a working address if you run more than one relay or bridge. (Really, everybody running a relay or bridge should set it.) MyFamily **must** be set correctly if you run more than one relay or bridge. (That is, every relay should list all the others as described above.)
The main motivation for this change have been suspicious tor relays that bad-relays@ ML decided to remove but had no way direct way to contact and so was forced to make hard decisions.
With these clear statements bad-relays@ ML group can handle problematic cases better.
regards, nusenu
[1] https://gitweb.torproject.org/tor.git/tree/doc/tor.1.txt#n1717
MyFamily **must** be set correctly if you run more than onerelay or bridge. (That is, every relay should list all the others as described above.)
So if I run some relays and also some bridges I must to specify unhashed fingerprints of the bridges in MyFamily in configs of all my relays?
On 11. Jan 2018, at 20:44, Dmitrii Tcvetkov demfloro@demfloro.ru wrote:
MyFamily **must** be set correctly if you run more than one relay or bridge. (That is, every relay should list all the others as described above.)
So if I run some relays and also some bridges I must to specify unhashed fingerprints of the bridges in MyFamily in configs of all my relays?
No. That's harmful. Never list bridge fingerprints in MyFamily. I have reopened the closed bug report[0] because the man page now gives this harmful advice (and actually contradicts itself). Let's hope it gets fixed quickly.
On Thu, 11 Jan 2018 21:02:42 +0100 Sebastian Hahn mail@sebastianhahn.net wrote:
On 11. Jan 2018, at 20:44, Dmitrii Tcvetkov demfloro@demfloro.ru wrote:
MyFamily **must** be set correctly if you run more than one relay or bridge. (That is, every relay should list all the others as described above.)
So if I run some relays and also some bridges I must to specify unhashed fingerprints of the bridges in MyFamily in configs of all my relays?
No. That's harmful. Never list bridge fingerprints in MyFamily. I have reopened the closed bug report[0] because the man page now gives this harmful advice (and actually contradicts itself). Let's hope it gets fixed quickly.
Yeah, thats why I asked. Thanks for the answer.
If my relay running at ip A is also available, although not advertised, at ip B, should I bother with MyFamily settings?
This may happen if the relay is running as service in a docker swarm.
On Thu, Jan 11, 2018 at 9:11 PM, Dmitrii Tcvetkov demfloro@demfloro.ru wrote:
On Thu, 11 Jan 2018 21:02:42 +0100 Sebastian Hahn mail@sebastianhahn.net wrote:
On 11. Jan 2018, at 20:44, Dmitrii Tcvetkov demfloro@demfloro.ru wrote:
MyFamily **must** be set correctly if you run more than one relay or bridge. (That is, every relay should list all the others as described above.)
So if I run some relays and also some bridges I must to specify unhashed fingerprints of the bridges in MyFamily in configs of all my relays?
No. That's harmful. Never list bridge fingerprints in MyFamily. I have reopened the closed bug report[0] because the man page now gives this harmful advice (and actually contradicts itself). Let's hope it gets fixed quickly.
Yeah, thats why I asked. Thanks for the answer.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Charly Ghislain:
If my relay running at ip A is also available, although not advertised, at ip B, should I bother with MyFamily settings?
This may happen if the relay is running as service in a docker swarm.
If only one of your relays in consensus you do not need to set MyFamily. If you have more than one relay in consensus MyFamily is required.
On Jan 11, 2018 19:09, "nusenu" nusenu-lists@riseup.net wrote:
Hi,
hi,
I'd like to highlight that today the following two sentences requiring ContactInfo and MyFamily for operators running multiple relays got added to the tor manual page [1]:
ContactInfo **must** be set to a working address if you run more than
one
relay or bridge. (Really, everybody running a relay or bridge should
set
it.) MyFamily **must** be set correctly if you run more than one relay or bridge. (That is, every relay should list all the others as described above.)
sorry for getting back to it a little late!
well ...
considering that MyFamily is perfectly fine, what about those using *only* PGP key fingerprints as ContactInfo? valid keys, publicly available (with working email address, and personal info from the admin).
will these relays be removed from the network, or tagged as "bad" ones?
The main motivation for this change have been suspicious tor relays that bad-relays@ ML decided to remove but had no way direct way to contact and so was forced to make hard decisions.
With these clear statements bad-relays@ ML group can handle problematic cases better.
regards, nusenu
[1] https://gitweb.torproject.org/tor.git/tree/doc/tor.1.txt#n1717
-- https://mastodon.social/@nusenu twitter: @nusenu_
KR,
Vinícius Zavam:
considering that MyFamily is perfectly fine, what about those using *only* PGP key fingerprints as ContactInfo? valid keys, publicly available (with working email address, and personal info from the admin).
will these relays be removed from the network, or tagged as "bad" ones?
I don't think so.
(please fix the quoting or remove the text from the original email if you are not quoting - it is hard to find your lines among the others)
On Wed, Jan 31, 2018 at 3:08 PM, Vinícius Zavam egypcio@googlemail.com wrote:
what about those using *only* PGP key fingerprints as ContactInfo? valid keys, publicly available (with working email address, and personal info from the admin).
will these relays be removed from the network, or tagged as "bad" ones?
Seems to me that any readily discernible format of listing any reasonably frictionless contact method should be viewed as ok...
PGP, ricochet, IPFS, postal mail, email, CJDNS, telephone, twitter, ICQ, blockchain message, whatever.
Ambiguous addresses of such systems can be made discernible / differentiable by prefixing them with tags... pgp:, tel:, onioncat:<ipv6>, irc network, etc
If someone obfuscates an email address by converting it to binary blob or digits, without explaining it in the contact field as such, that's probably not 'readily discernible'.
Nor would closed source or paid services likely be a 'reasonably frictionless' means of communication for many in this space.
The more complex or esoteric the system, or unbuffered realtime presence it requires to use it, the more likely no one will bother, leading to potential problems when trying to...
"Hey, what's up with your relay?".
tor-relays@lists.torproject.org
-
Charly Ghislain -
Dmitrii Tcvetkov -
grarpamp -
nusenu -
Sebastian Hahn -
Vinícius Zavam