[network-health] Changes on the Tor Network - #31549

David Goulet dgoulet at torproject.org
Wed Oct 2 19:50:46 UTC 2019 

On 30 Sep (16:31:21), David Goulet wrote:
> On 30 Sep (14:56:26), gus wrote:
> > On Wed, Sep 11, 2019 at 09:26:26AM +1000, teor wrote:
> > > Hi,
> > > 
> > > > On 11 Sep 2019, at 01:14, David Goulet <dgoulet at torproject.org> wrote:
> > > > 
> > > > There are things in there that might be _very_ dicy or even controversial for
> > > > some in TPO. Especially around the "fadding out LTS support for relays".
> > > > 
> > > > My approach here was to list some things for which having an LTS policy and
> > > > EOL relays in the network is actually hurting us. And then the conclusion of
> > > > removing EOL relays + new upcoming relay policy.
> > > 
> > > Should we get Nick to check this?
> > > He wants a strong commitment to our current LTS schedule.
> > > 
> > > T
> > 
> > Hi, 
> > 
> > I made a small update to point relay operators to Debian repository
> > instructions: https://support.torproject.org/apt
> > 
> > I read the blog post and the only suggestion that I have is to change
> > the order of the paragraphs. The information about what's going to
> > happen and how to take action should be in the first paragraphs. I don't
> > want users in panic, but if people will read one paragraph before
> > jumping to other website, which information they must be aware of?
> > 
> > Thanks for the blog post! It's pretty good! :)
> 
> Thanks Gus!!!
> 
> So heads up everyone: I've just came back today from vacation so I haven't had
> time to revisit the post.

There it is: https://pad.riseup.net/p/rZ2AWu66KJKJw1gAxkrw-keep

I'm asking you all for a _very_ quick review of this. Please directly do any
corrections onto the pad.

The timeline for this as speed up quite a bit due to the now rejection
strategy as stated in the post. This is mainly motivated now because of a
possible large scale attacker that was found on the network some days ago for
which the relays are all in the EOL relay set. (Two stones at once).

I'm still unsure of the timeline that is the *when* we'll push the reject
rules to the dirauth since I'm still discussing things with them on the
dirauth list.

But I expect in the coming days starting tomorrow.

The network team security list has been informed of this with more details.
Most of active bad relay team people as well. And finally the dirauth
community. Steph is also in the loop for this post. I will inform Isabela
after I send this email as well.

(Syncing everyone is not easy!)

And IMO we _have_ to release this post roughly at the same time as we are
rolling out the reject rules to the dirauth so we don't give a chance of the
attacker to upgrade to a stable release too quickly.

Thanks everyone!
David

-- 
t9JRb9sByD7tnqJuvCEeVZHLk5euodS338Tfz3li0Jc=
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/network-health/attachments/20191002/24b4d285/attachment.sig>

More information about the network-health mailing list