Why do we do so many SSL ops?
While we're working on #1749 (moved), we should also try to get a better handle on why our SSL handshakes are happening.
Are they happening in bursts? A lot at certain times of day? A lot soon after boot and fewer as time goes by? A lot from a small number of addresses? Mostly incoming or mostly outgoing?
We have some infrastructure in place already to notice these calls -- see note_crypto_pk_op() and dump_pk_ops(). So maybe a good plan is to expand those, and either log interesting points with a timestamp for later reconstruction, or add a controller event, depending on how we want to drive the stats collection.
Of course, recording Tor IP addresses that are probably non-relays should be done with care. Probably even timestamps plus relay IP addresses is sensitive. At the last, we should avoid publishing reports with useful addresses in them. I would recommend not wasting too much time building a fancy black box combination gizmo though, because it won't be worth it.
General long-term trends might be useful too. Nick suggested putting those in the relay's extra-info descriptors.