[tor-relays] improving the badexit flag process

[Nusenu]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

The relay appears to be down (still hasn't gotten the bad exit flag -
who knows if they are going to start it again) but this occurrence
rises a few questions in general.

>> It hasn't got the badexit flag yet.
> 
> The relay operator wasn't aware of the problem and said he would 
> look into it on Monday.

If you are implying that the current process starts with
'let the relay operator handle it', I'd suggest to set the badexit for
confirmed bad "properties" *first* (no matter whether they are caused by
the relay operator itself or its upstream/ISP) and give the relay
operator the chance to request a badexit flag removal upon repair (not
the other way around).


"Nevertheless, if such attacks seem to be run by an exit relay whereas
they are in fact conducted by the network backbone, it is beneficial to
all Tor users that this relay is assigned the BadExit flag."

we seem to agree :)

>> How long does it usually take for the dirauth operators to agree 
>> on that / deploy?
> 
> It can range from one hour to several days.  It's clearly not good
>  enough at this point and we are trying to get better at it.

Are there specific trac entries for this?

> 
>> I also had in mind that there was a exit relay scanner (from 
>> Mike?) that would decrease response time. Is that still in place 
>> or are we depending on volunteers reporting badexits?
> 
> All exit relay scanners we are aware of are listed here: 
> <https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays>

The
>
>
>
> 
page states several times "let us know" (even in bold)
but there is no information on how you are supposed to contact "them".

The described method to determine your exit node - by going to check.tpo
is not really applicable when you are not able to reach it (ssl
warning) and who knows if you are still on the same exit.
Without vidalia (which is no longer used by default) it is actually non
trivial [1] to find out what your exit relay was. So reporting
suspicious behaviour isn't easy for ordinary users.

How long does your scanner take these days for a complete scan?

ok, found it:
"makes it possible to scan all exit relays within a matter
of only seconds"

That sounds impressive.
Looking forward to play with it.

How long does it usually take to detect a newly started badexit?

quote: "we scanned all exit relays several times a week."
So I guess less than 2days to detect a new malicious exit?

Did your scanner detect this occurrence (D9B6E8F3) before it has been
reported on this mailing list?


Is there already a mailing list for automated scan result alerts?
 - I haven't found one.

What do you think about creating one where every scanner sends its
alerts to?
(something similar to the consensus-health ML)


I've got a question regarding your torbutton multi path certificat
verification but will ask that elsewhere (doe not really fit to
tor-relays).



[1] https://lists.torproject.org/pipermail/tor-dev/2014-July/007115.html


-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJTxFp7AAoJEDcK3SCCSvoezaUP/3a87qNhv8cvBWCrPyjQr0M6
0rS/L7c5coK7xg8OkaGLdlwY4kOgtZjbhCPAJVnWk2soQrouGjIpsO+52noOE0Fk
aWCUvlwjvmOBG0Aw42grtbhKfI+0kPDFgFZ1Za+CnuMwI3rmzFuSdIIT8loNx1tE
1V9DL1BKvLOeeHKgJdtY/Hmr8t5i8rj1v3KyYh5mXr/rizlG+Sl6U13qUcM3L6tq
wMd3dedMl3AF223Oy5norFZS7H4w/rUfq1cwhmIBws9t9FTpjQKgDLqO/jpI09Y+
P7V1x3kkYBl1BEM9T+83ppk9Yyt0A8imGce3OgjnRwNyY3UjHIY0MyVJOCWPXSAT
Msi91V7ynUeArCOLBPpWBuew8cskviBaJKcjmWeFhtIjikfRTqApSwRLvV+9N9CO
QT8VLh0LieEkoB86jaSiCAZ0bM8yavuaZMAJQxvs7b+QmOTcz64tm0VzgQ0Stu5B
OSvXzQpEHrNWflP23p5U0RJkacFtvnznUFNojKYwYakMU78JGOEH5+8X6EL6EJrX
MIp3SIXnWlYjGZA96kE88ASCbLPPGQuMhMWUFIlw9LuUdecn1xse8CBOPMuGDIZT
MwqZc+k2Rim9+8Y35qColwf012saPzxvT1c576b6HjFmjxAEMcN/mBzUkYepm0hm
cyY9QX2n9hGyNqSt5e0+
=1UXO
-----END PGP SIGNATURE-----