[tor-relays] suspicious "Relay127001" relays

Roger Dingledine arma at mit.edu
Wed Jul 6 12:56:24 UTC 2016

On Tue, Jul 05, 2016 at 10:00:22PM -0700, Green Dream wrote:
> So... what's going on in this particular case and what are the directory
> authorities going to do, if anything?

Yesterday we started the move towards blocking them. (The move takes a
little while, since it needs a sufficient fraction of directory authority
operators to do it.) Specifically, it looks like 3 of the dir auths have
moved to reject them, and I hear a 4th will be doing it soon, and that
should be sufficient.

Speaking of which, a while ago I started a discussion of how to
streamline that process:
but it remains unclear whether that idea is a good one or a bad one.

> As a relay operator near the top of the CW list, I continue to be somewhat
> uncomfortable with the lack of transparency regarding the directory
> authority decisions. It would be nice if the decision making process around
> these types of events was a bit more transparent.

First, thanks for running a relay! Second, I agree about the transparency
side. Part of our challenge is that the directory authority operators,
like everybody else in Tor-land, are overloaded.  But that by itself is
no excuse. The bigger problem is that identifying and bumping out bad
relays is an inherently unbalanced situation -- unbalanced in favor of
the bad relays. See
for more discussion on this point.

I wonder if there's a good balance we can strike, e.g. where we make it
clear to the world when we decided to bump out a set of relays, since
those relays are going to figure it out themselves soon enough? In this
case we actually found these relays misbehaving (accessing onion
addresses that they learned about), and maybe that detail is reassuring
to some people, but again that arms race for noticing misbehaving HSDirs
is a really crummy one from our perspective. (See also the upcoming
hotpets and defcon talks by Guevara Noubir et al.)


More information about the tor-relays mailing list