[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[minion-cvs] Big pile of changes -- 0.0.4rc1 draws ever closer.
Update of /home/minion/cvsroot/src/minion
In directory moria.mit.edu:/tmp/cvs-serv21169/src/minion
Modified Files:
TODO setup.py
Log Message:
Big pile of changes -- 0.0.4rc1 draws ever closer.
Main:
- Add a big warning banner to say we aren't compatible with anything
right now.
BuildMessage, Packet, PacketHandler:
- Change to new packet format (2048-bit RSA keys, overlapping
encryption)
setup.py:
- Bump version to 0.0.4alpha2
ClientMain:
- Add a handy 'ping' command -- too handy to stay in the codebase, but
useful for testing.
Common:
- Add a checkPrivateFile function to enforce file permissions.
Config, ServerConfig, ServerInfo, Modules:
- Refactor away a lot of useless code. I once thought the
configuration files would be self-reloading, and everybody would use
some kind of publish/subscribe mechanism to update themselves -- but
that's kinda silly in practise.
- Add a prevalidate function so that we can freak out sooner if the
version number doesn't match.
ServerInfo:
- Move IP to Incoming/MMTP section
- Bump Descriptor-Version to 0.2
Crypto:
- Make sure that private keys are stored mode 0600.
MMTPClient:
- Make 'bad authentication' a separate exception
- Check to make sure our certs aren't expired.
EventStats:
- Begin testing, debugging, refactoring.
- Fancier rule for rotation: don't rotate until we've accumulated data
for a sufficiently long time, even if a long time has passed. (That
is, if we've been offline for 23 hours, don't trigger a daily
rotation.)
MMTPServer:
- Refactor client connection cache
- Use PeerCertificateCache to remember which certificates we've
already verified.
Index: TODO
===================================================================
RCS file: /home/minion/cvsroot/src/minion/TODO,v
retrieving revision 1.92
retrieving revision 1.93
diff -u -d -r1.92 -r1.93
--- TODO 22 Apr 2003 01:45:22 -0000 1.92
+++ TODO 26 Apr 2003 14:39:58 -0000 1.93
@@ -25,17 +25,17 @@
o Ctrl-C should just print "interrupted."
o Change behavior on binary messages; don't dump 'em
to terminals.
- o DELKEYS should work. (neruaL)
+ . DELKEYS should work. (neruaL)
+ - Test
. Internal statistics
o Event log module
o Create and use event log
o Event log configurability
o server-stats command
- - Test event log
+ . Test event log
- Document log and events
- Test use of event log
- - Full statistics (ask Len what the list is.)
- . Security:
+ o Security:
o Support multiple SURB keys
o Better keyrings: implement
o Better keyrings: test
@@ -45,27 +45,47 @@
o Test CLI support
o Specify behavior
o Document in --help and README
- - Increase key length to 2048 bits
+ o Increase key length to 2048 bits
o Specify
o Come up with an upgrade path?
(Result: drop backward compatibility.)
- - Implement
- - Make ServerInfo more forward-compatible.
- - Skip sections completely if the version number isn't
+ o Bump up logs
+ o Implement: Packet
+ o Implement: BuildMessage
+ o Implement: PacketHandler
+ o Test
+ o Make old tests work
+ o Tests for BuildMessage with overflow.
+ o Tests for parsing underflow on subheads
+ o Make ServerInfo more forward-compatible.
+ o Skip sections completely if the version number isn't
recognized.
- - Add new fields to ServerInfo:
- . Stub Secure-Configuration support
- . Stub Contact-Fingerprint support
+ o Implement
+ o Test
+ o Refactor configuration code.
+ o Add new fields to ServerInfo:
+ o Stub Secure-Configuration support
+ o Stub Contact-Fingerprint support
. MMTP
- o self->self packets shouldn't hit the network.
- - Implement
+ o "IP" belongs in the MMTP part of the server descriptor.
+ . self->self packets shouldn't hit the network.
+ o Implement
- Test
o Don't have multiple connections to same server.
o KEYID should be hash of signing key==hash of
identity key. (Spec may be incorrect.)
- . Add support for "REJECTED" reply.
+ o Implement
+ o Check expiration date on certificates
+ o Use PeerCertificateCache properly
+ - Test peercertificatecache.
+ . Add support for "REJECTED" reply (receive only).
o Implement
- Test
+ . "mixminion ping" command
+ o Implement backend
+ o Implement frontend
+ - Test backend
+ o Test frontend
- Key management:
. Ability to generate new serverdesc with old keys.
o Implement
@@ -84,8 +104,8 @@
- Ability to delete PK.
- Trigger all of the above as timed events occur.
- Somehow test the whole business.
- - Consider linewrap protection on server descriptors,
- if demand warrants. (None yet.)
+ - Rudimentary directory automation (with trivial pinging)
+ - Automatic key generation
Deferred from 0.0.4:
. UI
@@ -95,6 +115,8 @@
CLI'S AND MULTI-SERVER SITUATIONS.
- Tests for packet addressed to server with bogus IP.
- Finish port to Cygwin
+ - Full statistics
+ - Full statistics (ask Len what the list is.)
- MMTP
- Make MMTP bursty
- Configurability
@@ -106,7 +128,10 @@
- Password-protect dirserver keys
- Client queues should be locked, and have
max-packets-to-send option.
-
+ - Key mgt
+ - Consider linewrap protection on server descriptors,
+ if demand warrants. (None yet.)
+
Required for "1.0":
[These features must be in place before we can take the system out
of alpha. We'll do a series of point releases between 0.0.1 and
@@ -188,12 +213,11 @@
- Send message to user with known public key
- Real PKI for end-to-end encryption
- MMTP / async
- - "IP" belongs in the MMTP part of the server descriptor.
- Timeout connections more aggressively under higher load.
- Bandwidth throttling
- - Session management and resumption (security issues?) Is this
+ X Session management and resumption (security issues?) Is this
really useful for performance?
- - Server code to find out if clients have renegotiated.
+ X Server code to find out if clients have renegotiated.
- Tests for all cases:
- Junk
- Retry on bogus close.
Index: setup.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/setup.py,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -d -r1.52 -r1.53
--- setup.py 7 Apr 2003 00:48:30 -0000 1.52
+++ setup.py 26 Apr 2003 14:39:58 -0000 1.53
@@ -30,9 +30,9 @@
os.umask(022)
-VERSION = '0.0.4alpha'
+VERSION = '0.0.4alpha2'
# System: 0==alpha, 50==beta, 99==release candidate, 100==release
-VERSION_INFO = (0,0,4,0,-1)
+VERSION_INFO = (0,0,4,0,2)
# Function to pull openssl version number out of an opensslv.h file. This
# isn't a real C preprocessor, but it seems to work well enough.