Yup! I wanted to contextualize one portion of the paper where I think the author's have confused our intentions:
After making our DV++ available in March 2017, a parallel similar direction was proposed by LetsEncrypt, called multi-VA. The difference is that in contrast to DV++, multi-VA uses fixed nodes (currently three). Which it uses to perform the validation. By corrupting the nodes, the attacker can subvert the security of multi-VA mechanism. DV++ selects the nodes at random from a large set. Furthermore, we ensure that the nodes’ placement guarantees that the nodes are not all located in the same autonomous system (AS) and the paths between the nodes and that the validated domain servers do not overlap
Like I wrote in our multi-va trial announcement we selected 3 nodes within a less diverse set of autonomous systems for the first evaluation stage of this project:
"We expect to increase the number of remote instances and network perspectives before enabling this countermeasure in production."
We have never intended to leave this at exactly 3 nodes and have always intended to carefully select the placement of the nodes for a production launch to maximize the benefit (We've been partnered with researchers at Princeton to make this selection process as robust and empirically sound as possible).
We explicitly decided not to use a randomized choice of nodes because without a massive number of nodes well outside of our operational capacity any adversary can simply perform benign domain-validations for domains they control until they learn the full set of nodes in use, and then subsequently adjust their attacks to affect the full set.
The difference is that in contrast to DV++, multi-VA uses fixed nodes (currently three). Which it uses to perform the validation. By corrupting the nodes, the attacker can subvert the security of multi-VA mechanism. DV++ selects the nodes at random from a large set.
I think we can also agree that a "large set" (how large?) is also still a fixed set. The source code for the DV++ prototype shows the Orchestrator component has a fixed set of Agent configuration stanzas and isn't discovering new nodes at runtime. If the attacker can subvert the large set they can subvert the security of the DV++ mechanism. I think this language is misleading.