[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Hello CypherpunkLabs Tor relays

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Hello CypherpunkLabs Tor relays
From: William Kane <ttallink@xxxxxxxxxxxxxx>
Date: Tue, 25 Aug 2020 21:45:47 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 26 Aug 2020 04:32:46 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=xp/fWjh9jiHJb0+0/ECSS6d8EgXKqU2Z8owZPbzTtQ8=; b=pTdFDyG50hIrrvd8QC3MqHOpteZwACqEVjl6iDCPEOOVq+/SDDXnK5f3TD90mpNsOx QJwVUya6bRjIIyaUETNbNr8YN5j86+zP+lY6NvPqqjgV4cN/xLJ6Av9yGf3KMRc/2qbk WsVX2ta97Aber3oTHdXsUTYGR33ekKS1J5szuyR/apwkZt9ynM/Fl0+YS9Jd7wg4S5VE LTiGVlvrzkSbQhmLWTt+b3Cd5+HuAbawy4KkCz1PuD0Pr2kYvKVSSB8ShnFBJYxpcM8R y5mXmyI8LOtIDFtCFT49O4JrTxAGKj3IAYkZechmlyrMxaenB2qAWckh17uZAB4BAmsJ rz6g==
In-reply-to: <d11e9066-3713-5527-f51e-03480dd97042@riseup.net>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <d11e9066-3713-5527-f51e-03480dd97042@riseup.net>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

We should at some point probably look into banning or de-prioritizing
relays hosted under the 4 AS's listed above, given enough network
capacity.

Or maybe only allow x% of guard / middle / exit fraction per AS and
then de-prioritize.

2020-08-24 21:17 GMT, nusenu <nusenu-lists@xxxxxxxxxx>:
> Hello CypherpunkLabs,
>
> I noticed your set of new relays and wanted to say hi,
> welcome you to the Tor relay community
> and give you a few recommendations and pointers especially since you are
> aiming to run 100 tor relays.
>
>
> The Tor relay guide has a lot of useful information, so you probably want to
> start there:
> https://torproject.org/relay-guide
>
> Since all your current relays appear to be OVH based I'd like to point out
> the following
> quote from the guide:
>
>> Try to avoid the following hosters:
>>
>>     OVH SAS (AS16276)
>>     Online S.a.s. (AS12876)
>>     Hetzner Online GmbH (AS24940)
>>     DigitalOcean, LLC (AS14061)
> https://community.torproject.org/relay/technical-considerations/
>
> The reasoning behind this, is that those hosters are already hosting many
> tor relays,
> and the network dislikes centralization. OVH is the biggest commercially
> available tor hoster in terms of exit capacity
> today already.
>
>
> Depending on your per-relay size you might end up running a big fraction of
> the network and
> especially big exit operators are encourage to take care of their DNS
> resolution.
> Specific guidelines can be found here:
> https://community.torproject.org/relay/setup/exit/
>
> IPv6 connectivity is also encouraged (which currently none of your relays
> appear to have).
>
> Especially for big operators it is recommended to managed their relays using
> configuration
> management (puppet, salt, ansible, ...) and update them regularly.
>
> An ansible role for Tor relay operator (I maintain) can be found at:
> https://github.com/nusenu/ansible-relayor
>
> The ContactInfo Information Sharing Specification is a spec about a machine
> readable ContactInfo string:
> https://github.com/nusenu/ContactInfo-Information-Sharing-Specification
>
> Your site suggests that you (will) run bridges and exits.
> Combining these two types of nodes under a single operator is generally a
> bad idea since tor's MyFamily configuration is not supported for bridges, so
> users might end up
> using your bridges _and_ your tor exits - which puts them at risk should
> someone compromise you, please
> consider running non-bridges only.
>
> For strong protections for your long term relay keys
> you can use tor's OfflineMasterKey feature,
> especially relevant if your run a big fraction of the network:
> https://2019.www.torproject.org/docs/tor-manual.html.en#OfflineMasterKey
>
>
> kind regards,
> nusenu
>
> PS: don't forget about your MyFamily setting if you do not choose a
> solution
> that manages that for you automatically.
>
>
> --
> https://mastodon.social/@nusenu
>
>
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] Hello CypherpunkLabs Tor relays
  - From: nusenu

Prev by Author: Re: [tor-relays] How many threads needed for unbound at a fast relay?
Next by Author: Re: [tor-relays] Guard flag got removed after only 48 hours of downtime.
Previous by thread: [tor-relays] Hello CypherpunkLabs Tor relays
Next by thread: [tor-relays] anyone else with this issue?
Index(es):
- Author
- Thread