[tor-relays] Individual Operator Exit Probability Threshold

nusenu nusenu-lists at riseup.net
Sat Sep 23 09:36:00 UTC 2017


John Ricketts:
> I am about to fire up more Exit Relays and if I do so I will jump
> from my roughly 3% of Exit Probability to what technically could
> easily reach 6-8%.
> 
> I would like to know everyone’s opinion on having an individual
> operator have that much exit share.  In my case, all the traffic
> would be coming from the same AS as well, but distributed over four
> different cities with different upstream carriers.
> 
> Please chime in, if I get a green light from the discussion it
> will happen within a month.

First of all:
Thank you for growing the tor network exit capacity and being open about
your plans.


Big operators should be aware that they are more likely to be a
person/group of interest to certain non-friendly entities than others.
Ideally they take this risk and responsibility seriously and operate
their relays accordingly.

With the growing size of a single operator, stability, availability and
recovery time also become more relevant. A single small operator going
down is NOT an issue that many would notice, but an operator running 10%
exit prob. will more likely cause some noticeable impact.

The usual points apply but become more important with the increasing
cw/exit fraction of an operator.

These are not meant as questions, just food for thought:

- timely reaction to new security updates
- 24/7 operations? auto-updates?
- configuration management
- family management
- geo diversity
- time to recover from complete relay(s) compromise (without rekeying)
(> Are relays operated in OfflineMasterKey mode?)
- security monitoring and alerting?
- management workstation exposed to Internet? browsing? email? attacks)
(dedicated machine? Qubes OS?)
- direct peering and connectivity for a short path to common targets
(like emeraldonion does)
- servers used for tor only? (no shared use cases)
- abuse handling
- legal risks?
- upstream diversity
- in-operator OS diversity


-- 
https://mastodon.social/@nusenu
https://twitter.com/nusenu_
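
As an added illustration (not part of the original message or of any Tor Project tooling), the sketch below shows how an operator could track two of the points above, aggregate exit share and family management, from relay records. The field names follow Onionoo's "details" documents as an assumption; the records, contact strings, AS numbers and the 5% threshold are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample records. Field names are assumed to match Onionoo
# "details" documents: fingerprint, contact, as, exit_probability,
# effective_family (relays in a mutual MyFamily relationship).
RELAYS = [
    {"fingerprint": "A1", "contact": "op@example.org", "as": "AS64500",
     "exit_probability": 0.020, "effective_family": ["A1", "A2"]},
    {"fingerprint": "A2", "contact": "op@example.org", "as": "AS64500",
     "exit_probability": 0.025, "effective_family": ["A1", "A2"]},
    # A3 was added later and its MyFamily is not yet mutual with A1/A2.
    {"fingerprint": "A3", "contact": "op@example.org", "as": "AS64500",
     "exit_probability": 0.030, "effective_family": ["A3"]},
    {"fingerprint": "B1", "contact": "other@example.net", "as": "AS64501",
     "exit_probability": 0.010, "effective_family": ["B1"]},
]


def family(relay):
    """Mutual family of a relay, always including the relay itself."""
    return set(relay.get("effective_family", [])) | {relay["fingerprint"]}


def operator_report(relays, contact, threshold=0.05):
    """Summarise one operator's exit share, AS concentration and family gaps.

    `contact` is self-declared by the relay operator, so this is a
    self-audit aid, not a way to attribute relays to someone else.
    `threshold` is a hypothetical policy value, not one set by the list.
    """
    mine = [r for r in relays if r.get("contact") == contact]
    fps = {r["fingerprint"] for r in mine}
    share = sum(r.get("exit_probability", 0.0) for r in mine)

    by_as = defaultdict(float)
    for r in mine:
        by_as[r.get("as", "unknown")] += r.get("exit_probability", 0.0)

    # Pairs of the operator's own relays that are not in a mutual family.
    gaps = sorted({tuple(sorted((r["fingerprint"], m)))
                   for r in mine for m in fps - family(r)})
    return {
        "relays": len(mine),
        "exit_share": round(share, 6),
        "over_threshold": share > threshold,
        "as_shares": {k: round(v, 6) for k, v in by_as.items()},
        "family_gaps": gaps,
    }


if __name__ == "__main__":
    print(operator_report(RELAYS, "op@example.org"))
```
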
