[or-cvs] r14619: Notes on authority diversity for authority-policy.txt (in tor/trunk: . doc/contrib)

nickm at seul.org nickm at seul.org
Thu May 15 06:11:55 UTC 2008 

Author: nickm
Date: 2008-05-15 02:11:54 -0400 (Thu, 15 May 2008)
New Revision: 14619

Modified:
   tor/trunk/
   tor/trunk/doc/contrib/authority-policy.txt
Log:
 r15623 at tombo:  nickm | 2008-05-15 02:10:53 -0400
 Notes on authority diversity for authority-policy.txt



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r15623] on 49666b30-7950-49c5-bedf-9dc8f3168102

Modified: tor/trunk/doc/contrib/authority-policy.txt
===================================================================
--- tor/trunk/doc/contrib/authority-policy.txt	2008-05-15 06:00:14 UTC (rev 14618)
+++ tor/trunk/doc/contrib/authority-policy.txt	2008-05-15 06:11:54 UTC (rev 14619)
@@ -31,6 +31,8 @@
      - Must be available to upgrade within a few days in most cases.
        (While we're still developing Tor, we periodically find bugs that
        impact the whole network and require dirserver upgrades.)
+     - Should be have a well-known way to contact the administrator
+       via PGP-encrypted message.
 
    o Integrity:
      - Must promise not to censor or attack the network and users.
@@ -41,8 +43,24 @@
        otherwise, you will fight it to the extent of your abilities. If
        you fail to fight it, you must shut down the Tor server and notify
        us that you have.
-     - Dirservers (and operators) in a variety of jurisdictions are best.
 
+   o Diversity
+     - We should avoid situations that make it likelier for multiple
+       dirserver failures to happen at the same time.  Therefore...
+       - It's good when dirservers are not all in the same country.
+       - It's good when dirservers are not all in the same jurisdictions.
+       - It's good when dirservers are not all running the same OS.
+       - It's good when dirservers are not all using the same ISP.
+       - It's good when dirservers are not all running the same
+         version of Tor.
+       - No two dirservers should have the same operator.
+     - Maximal diversity, however, is not always practical.  Sometimes,
+       for example, there is only one version of Tor that provides a
+       given consensus generation algorithm.
+     - A small group of authorities with the same country/jurisdiction/OS is
+       not a problem, until that group's size approaches quorum (half the
+       authorities).
+
 2. How to choose the recommended versions
 
   The policy, in a nutshell, is to not remove versions without a good
@@ -68,3 +86,4 @@
 +one"
 > i try to draw the line at 'good reasons and above'
 
+

More information about the tor-commits mailing list