John Ricketts:
> I am about to fire up more Exit Relays and if I do so I will jump
> from my roughly 3% of Exit Probability to what technically could
> easily reach 6-8%.
>
> I would like to know everyone’s opinion on having an individual
> operator have that much exit share. In my case, all the traffic
> would be coming from the same AS as well, but distributed over four
> different cities with different upstream carriers.
>
> Please chime in, if I get a green light from the discussion it
> will happen within a month.

First of all: Thank you for growing the tor network exit capacity and
being open about your plans.

Big operators should be aware that they are more likely to be a
person/group of interest to certain non-friendly entities than others.
Ideally they take this risk and responsibility seriously and operate
their relays accordingly.

With the growing size of a single operator, stability, availability and
recovery time also become more relevant. A single small operator going
down is NOT an issue that many would notice, but an operator running 10%
exit prob. will more likely cause some noticeable impact.

The usual points apply but become more important with the increasing
cw/exit fraction of an operator.

These are not meant as questions, just food for thought:

- timely reaction to new security updates
- 24/7 operations? auto-updates?
- configuration management
- family management
- geo diversity
- time to recover from complete relay(s) compromise (without rekeying)
  (> Are relays operated in OfflineMasterKey mode?)
- security monitoring and alerting?
- management workstation exposed to Internet? browsing? email? attacks)
  (dedicated machine? Qubes OS?)
- direct peering and connectivity for a short path to common targets
  (like emeraldonion does)
- servers used for tor only? (no shared use cases)
- abuse handling
- legal risks?
- upstream diversity
- in-operator OS diversity

-- 
https://mastodon.social/@nusenu
https://twitter.com/nusenu_
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays