19:00:16 #startmeeting network health 19:00:16 Meeting started Mon Mar 9 19:00:16 2020 UTC. The chair is GeKo. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:00:16 Useful Commands: #action #agreed #help #info #idea #link #topic. 19:00:22 okay, hello everyone 19:00:28 it's network health meeting time 19:01:13 so, let's see what we have on our agenda 19:01:16 o/ 19:01:28 the pad is over at https://pad.riseup.net/p/tor-networkhealth-2020.1-keep 19:01:30 as usual 19:01:41 o/ 19:01:43 o/ 19:01:52 if anyone worked on stuff in network health land, please update the pad so we are all up-to-date 19:01:58 and mark items to discuss in bold 19:02:06 * gaba is half here 19:02:17 o/ 19:03:25 okay. it seems we don't have much on our plate 19:03:28 good :) 19:03:43 i have one of my items in bold 19:04:01 just in case folks have an opinion and want to add things 19:04:24 ggus and i are coordinating the tor legal faq update with the eff 19:04:29 or we plan to do so at least 19:04:47 the current text and questions are on https://pad.riseup.net/redirect#https%3A//community.torproject.org/relay/community-resources/eff-tor-legal-faq/ 19:04:52 arg 19:05:02 https://community.torproject.org/relay/community-resources/eff-tor-legal-faq 19:05:27 and the community team looked into newer questions and issues 19:05:32 that could be worth getting added 19:05:47 the results are documented at https://pad.riseup.net/p/tor-legal-questions-keep 19:06:25 so i sat down last week and drafted a mail to the eff people to talk with them together about 19:06:30 new additions and possible changes 19:06:59 if any of you have changes to that mail draft, which is on https://pad.riseup.net/p/A1CmR28t3V8XAhT-qIaf, please add them to the pad 19:07:23 my plan is to clean this up tomorrow/maybe on wed and then get the conversation going 19:07:32 (with eff lawyers) 19:07:43 okay 19:08:02 in case there are no questions about that 19:08:27 are there any other status related things we should discuss here? 19:09:15 let's move on to discussion then 19:09:51 #32672 is the first one 19:10:26 last week i looked at the result of our email campaign for contacting relay operators 19:10:44 to the ticket; i think it went not bad 19:10:59 so, now the question is how to move forward 19:11:23 Do you have a rough estimate of the response rate? 19:11:36 it seems phw is picking up contacting the bridge operators, so that's good 19:11:42 I feel like I saw a fair few explicit ACKs which was nice, did others also update without replying? 19:11:56 yes 19:12:06 i have not looked at the details yet 19:12:27 but there were definitely a bunch of people that updated without responding 19:12:59 Great! Quantifying that would be really useful for any decision about whether to enforce contact info being set (I think arma was musing about it) 19:13:08 i mean that all affects only relay operators that have some form of valid contactinfo, but, hey, that's cool 19:13:23 yes 19:13:26 maybe 19:13:39 i don't currently think that enforcing contactinfo to be set, while letting it be set to anything at all, is a good choice 19:16:06 I guess there's a huge space of possible design decisions - e.g. whether to check the email is valid - whether a email should be pubic or viewable to Tor only. I don't have an opinion, just noting the value of the data if it is something that is being considered. 19:16:27 yep 19:16:31 yeah 19:17:12 i even talked at one point about having a web registration thing, where they put a nonce in their contactinfo and then they have a secret contact address registered with us. so many choices! none of which are great! 19:17:29 so for setting a final deadline, i.e. for when asking the network team to merge 19:17:41 i'd wait for phw doing his things this week 19:18:01 and think we could decide next week when this should ideally get merged 19:18:18 and what steps we want to do when this is done/has some date attached to it 19:18:31 e.g. ggus said doing some twitter thing could be useful 19:18:43 but there are a bunch of folks out there that only operate with deadlines 19:18:57 that is for some reason they need that pressure to act 19:19:14 i am fine with that :) 19:19:25 but we could include that into our consideration for next steps 19:19:27 this is the "bump out old versions" code? even if it gets merged today, it won't get run by a majority of dir auths for...some months 19:19:34 yep 19:19:36 and yep 19:19:46 but there are possible backports and such 19:19:53 so we might get it earlier 19:19:58 true 19:20:18 Oh, that's interesting to know! (about the delay between different dir auths) 19:20:39 well, and that := 19:20:45 :) 19:20:58 some might even just patch their tor, who knows 19:21:19 but communicating a deadline seems important 19:21:31 +1 19:21:31 so we should think next week about it, hopefully ggus can attend then 19:21:37 sounds reasonable? 19:22:31 no objections, great 19:22:42 so the other item on the list 19:22:56 i heard daylight saving time is a thing 19:23:12 so, we should think about adapting our meeting time i guess 19:23:32 now, that's probably a good topic for a proper bikeshed 19:23:53 so let me start by suggesting a model that worked for a lot of teams in the past: 19:24:19 we keep the current utc time until the europreans switch, too 19:24:28 which is in rougly three weeks 19:24:51 and *then* we move the meeting to 1800utc to get back to our used local time 19:24:57 does that make sense? 19:25:37 any other suggestions? 19:25:56 yes, that works for me 19:26:06 It makes no difference to me in terms of actual time, but I would vote for whatever minimises conflicts with other meetings 19:26:54 :) 19:27:16 alright, let's stick to the plan i outlined above 19:27:26 if there are no objections 19:27:52 we can revisit that if there are suddenly unexpected conflicts popping up and change our mind 19:28:20 anything else we should discuss today? anything anyone needs help with? 19:28:58 I have a minor question 19:29:10 go for it 19:29:12 I think I see you post weekly in IRC about a dir auth update with some names? 19:29:27 yep 19:29:30 Can I ask what exactly that is or what it involves or why it is coordinated through IRC? 19:29:38 sure 19:29:52 we are actively trying to find bad relays on the network 19:30:03 there are different scanners for that 19:30:07 sometimes they find stuff 19:30:20 and then the bad relays team is looking at the results 19:30:31 and is removing relays from the network 19:30:49 there is a private repo containing the rejected fingerprints 19:30:52 and ip addresses 19:31:02 that gets updated with new entries in those cases 19:31:20 now, in order for that to take effect the dir auths need to update there config 19:31:28 to take those new entries into account 19:31:40 Okay, I see, so this tells the operators to do a git pull / deploy or whatever? 19:31:52 there are some dirauth operators that prefer a ping, say, on irc when new entries show up 19:31:55 yes 19:32:16 Okay, thanks for explaining! That's super interesting. Just to confirm: Bad means malicious in this case? 19:32:21 i mean should see see this already as our internal channel gets a ping when the repo gets updated 19:32:29 Rather than broken / mis configured 19:32:35 and they should get a mail to the dir-auth mailing list 19:32:43 but some still like to get a ping 19:32:56 it could be both 19:33:21 e.g. i'll probably start kicking out exits soon that don't fix their dns 19:33:25 see #32864 19:33:34 Yep :) 19:33:50 Do the relays get told why they are now rejected? Or does it appear as a silent drop? 19:34:02 Is there some public policy or eventual listing? 19:34:16 I can understand why some exit scanning tools would obviously be better private ofc 19:34:29 they see an entry in their tor logs explaining they should contact the bad-relays list for further info 19:34:53 and we usually talk to them there about the reasons, potential false positives, fixing their stuff etc. 19:35:24 what do you mean with "public policy or eventual listing"? 19:36:10 we don't have a good policy written yet for when we reject relays 19:36:12 Is the decision making process for who is a bad relay public? Private? Not codified? 19:36:19 Ah okay, the last then. 19:36:24 that's one of the todo items 19:36:39 it's private 19:36:43 And then - with the private github repo list of rejections. Do they eventually get published somewhere? 19:36:50 we have a private mailing list, bad-relays 19:36:53 dennis_jackson: for rationale (or justification if you prefer) of keeping them sekrit, see these two links: 19:36:55 https://gitweb.torproject.org/community/policies.git/tree/social_contract.txt#n54 19:36:58 * arma2 goes to hunt for the other link 19:37:29 it's not really codified either even though folks have thought quite a bit about it and keep doing so 19:37:36 Yeah I totally see the argument for keeping it private! I just wanted to check 19:37:49 they are not getting published yet 19:37:58 ahf was looking at relay churn a few weekends back 19:38:13 And it looked surprisingly high to me, so I wonder if bad relays could be the reason 19:38:29 I did not actually know this process existed so I am glad I asked about the dir auth update thing now 19:38:43 i doubt that bad relays would account for that 19:38:55 it's maybe a handful over a week 19:39:06 ah okay, probably not then 19:39:09 https://lists.torproject.org/pipermail/tor-talk/2014-July/034219.html is my other link 19:39:29 dennis_jackson: yeah, glad you asked, keep doing that ;) 19:39:56 (in particular as the meeting is public and "recorded", so folks can at least read about where we are now with those sekrit things) 19:40:08 geko: we had a thought, long ago, of publishing everything with a 12 month lag 19:40:12 Thanks arma, just skimmed it and yeah it makes sense to me as a policy :) 19:40:23 since that seems like a good balance between transparent and effective 19:40:32 Thanks Geko - super helpful to me :) 19:40:38 arma2: in theory I did that for couple years ... but failed to do so 19:40:42 last years* 19:40:43 arma2: i am a fan 19:41:11 or did there speak anything against it that i am not aware of? 19:41:15 all previous bad relays are public up until 2018-ish I believe 19:41:30 GeKo: not sure I can parse your sentence 19:41:45 dgoulet: "are there any reasons not to" 19:41:53 yep, thanks :) 19:42:07 dgoulet: where can one find those bad relays? 19:42:14 not to publish... I don't see any... maybe some _ongoing_ thing we ought to prevent relays caught ... but 19:42:31 the discussion ended up that everyone was happy that we would publish all bad relays with a 3 months lag 19:42:39 GeKo: this is why the Expiry date in the bad.conf is always 90 days :P 19:42:54 yeah, that's what i figured ;) 19:42:54 GeKo: it is in the DocTor git history 19:43:03 not the most obvious way to find it 19:43:14 aha, yes, i remember stumbling about that 19:43:17 https://gitweb.torproject.org/doctor.git/commit/?id=c29bba1efb92927b975cd863bb4f437792947a67 19:43:20 example ^ 19:43:36 any reason this process did not continue? 19:43:53 GeKo: I had no time or forgot or didn,t take time to do it regurlarly 19:43:59 GeKo: there is no counter pressure to do it 19:44:03 GeKo: the dirauth kabal was on board 19:44:13 * dennis_jackson chants automation automation automation 19:44:16 and for a time it was what I was doing every ~6 months 19:44:29 okay, great, let's revive that then 19:44:41 that is primarly why I've standardized the comments in the bad.conf 19:44:47 so a script could expire the entries! 19:44:59 but never got to writing it :( 19:45:16 that's solvable ;) 19:45:44 ooookay, do we have anything else to discuss today? 19:46:04 Nothing from me, thank you all for the knowledge sharing :) 19:46:08 maybe dennis_jackson has another small question ;) 19:46:16 How many hours do we have left? :P 19:46:38 :) 19:47:00 okay, nothing anymore. thanks everyone! have a nice week and happy hacking 19:47:04 #endmeeting