[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #19271 [Core Tor/DirAuth]: Remove urras from default_authorities



#19271: Remove urras from default_authorities
-----------------------------------+---------------------
 Reporter:  cypherpunks            |          Owner:
     Type:  defect                 |         Status:  new
 Priority:  Medium                 |      Milestone:
Component:  Core Tor/DirAuth       |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:  ioerror urras dirauth  |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:
-----------------------------------+---------------------

Comment (by cypherpunks):

 urras is the dirauth Jake runs.  Of course, dirauths must be fully
 trusted.  Recent events (which should be discussed elsewhere) have cast
 doubt on urras' trustworthiness.  Now, I am not in any rush to kick urras
 out.  It has been (AFAIK) well-behaved up until now, and there's a reason
 we have a consensus vote.

 However, now is the time for the Tor Project to forumlate and publish a
 procedure, so in this case and in the future there is a neutral,
 transparent and not-so-arbitrary way to add or remove a dirauth.

 I am very uncomfortable with the current procedure, which appears to be,
 "Current Tor Elites/dirauths meet and decide in a smoke-filled mailing
 list".  The opacity and secrecy surrounding the dirauths--one of the most
 important, if not ''the'' most important, foundations of trust in Tor--
 worries me very much.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19271#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs