[tor-bugs] #2671 [Tor Relay]: Better communication for authority operators, core developers in emergency situations

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Mar 7 22:01:52 UTC 2011 

#2671: Better communication for authority operators, core developers in emergency
situations
-----------------------+----------------------------------------------------
 Reporter:  nickm      |          Owner:       
     Type:  task       |         Status:  new  
 Priority:  normal     |      Milestone:       
Component:  Tor Relay  |        Version:       
 Keywords:             |         Parent:  #2664
   Points:             |   Actualpoints:       
-----------------------+----------------------------------------------------
 When in danger or in doubt,
    run in circles, scream and shout!
    - traditional motto, possibly naval.

 When the bug behind #2664 happened, it took us a few hours to notice.
 That was bad, and #2666 is about trying to notice such situations faster.
 But another problem is that even after we noticed, it still took a while
 to sort out who knew how best to contact which operators.  Probably
 developers should get contacted to in the

 We should figure out, for each authority operator and core developer[*],
 the best two or three ways to contact them in the case of an emergency.
 If these ways are not something we want to publish (e.g., phone numbers),
 a few people should know them, and all Tor people should know who those
 people are and how to contact them in a hurry.

 We should have some emergency-response mechanisms in place.  If
 communications are security-sensitive, we should have a way to deal with
 it in place, rather than the current approach of "send gpg-encrypted email
 to those people whose keys you happen to have" or "immediately go dark,
 use OTR to talk pairwise to people you know".  Those approaches scale
 badly; we can probably do better.

 We should also have planned responses for emergency events like "A key
 server looks like it might have been compromised"; "somebody has reported
 a vulnerability"; "somebody has disclosed a vulnerability"; "one or more
 authorities have gone down strangely;" "looks like the network is
 crashing;" and so on.


 [*] "core developer" is here defined as "a developer who is likely to
 needed urgently when something breaks."

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2671>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list