
[minion-cvs] Several days worth of hacking. Highlights: Key rotatio...



Update of /home/minion/cvsroot/src/minion
In directory moria.mit.edu:/tmp/cvs-serv2846

Modified Files:
	TODO 
Log Message:
Several days worth of hacking.  Highlights: Key rotation, robust queues.

TODO:
- Update status, add time estimates
- Break down directory work

etc/mixminiond.conf:
- Rename PublicKeySloppiness to PublicKeyOverlap

*:
- Whitespace normalization

ClientMain:
- Improve path syntax to include ?, *n; allow choice-with-replacement
- Use new readPickled functionality from Common
- Add -n argument for flush command
- Add default-path options to ClientConfig
- Be more specific about causes of failure when flushing; be more specific
  about # messages flushed.
- Remove --swap-at option: now path syntax is adequate.

Config, ClientMain, Common:
- Change duration from a 3-tuple to an independent class.  Now we 
  can say duration.getSeconds() rather than duration[2], which makes
  some stuff more readable.

Common:
- Debug checkPrivateFile
- Add AtomicFile class to help with standard create/rename pattern.
- Add readPickled/writePickled wrappers

MMTPClient:
- Document PeerCertificateCache

Packet:
- Correct documentation on overflow, underflow.

benchmark:
- Improve format of printed sizes
- Improve pk timing; time with bizarre exponent.
- Add Timing for ServerQueues

test:
- Add tests for encodeBase64
- Correct tests for new DeliveryQueue implementation
- Add tests for checkPrivateFile
- Revise tests for _parseInterval in response to new Duration class.
- Add tests for generating new descriptors with existing keys
- Fix test for directory with bad signature: make it fail for the
  right reason
- Deal with new validateConfig in Module
- Add test for scheduler.
- Tests for new path selection code

testSupport: 
- Module code uses new interface

EventStats:
- Document, clean

MMTPServer:
- Better warning on TLSClosed while connecting.
- Document new functionality

Modules:
- validateConfig function no longer needs 'sections' and 'entries':
  make it follow the same interface as other validation fns
- _deliverMessages: use new DeliveryQueue interface

PacketHandler:
- Always take a list of keys, never a single one.

ServerConfig:
- Refactor validateRetrySchedule
- Use new Duration class
- Rename PublicKeySloppiness to PublicKeyOverlap

ServerKeys: ***
- Implement key rotation:
   - Notice when to add and remove keys from PacketHandlers, MMTPServer
   - Set keys in packethandlers, mmtpserver 
   - Note that 512-bit DH moduli are kinda silly 
- More code and debugging for descriptor regeneration

ServerMain:
- Documentation
- Key rotation
- Respond to refactoring in DeliveryQueue
- Use lambdas to wrap EventStats rotation
- Separate reset method
- Remove obsolete commands

ServerQueue: ***
- Refactor DeliveryQueue so that it has a prayer of working: Keep
  message delivery state in a separate file, and update separately.
  Remember time of queueing for each method, and last attempted
  delivery; n_retries is gone.  This allows us to change the retry schedule
  without putting messages in an inconsistent state.

  An earlier version put the state for _all_ queued objects in a
  single file: this turned out to be screamingly inefficient.

crypt.c, tls.c:
- Documentation fixes

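The ServerKeys and ServerMain entries above (notice when to add and remove keys from the PacketHandlers and MMTPServer, when a key may be deleted, and when the next rotation event falls) describe a small piece of time bookkeeping. The following is an added example written for this page, not Mixminion's own code: KeyInfo, the validity-window semantics, the meaning given here to PublicKeyOverlap (how long a key keeps being accepted after its published lifetime ends) and the constructed two-key sample are all assumptions for illustration.

```python
"""Added example (not Mixminion code): key-rotation bookkeeping.

Models what the commit message sketches: each server key has a published
lifetime, consecutive keys overlap, and the server must know which keys the
packet handlers should hold at a given time, which private keys may be wiped,
and when the next add/remove event is due.  All names and the overlap
semantics are assumptions for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class KeyInfo:
    name: str
    valid_from: int    # seconds since the epoch: first advertised in a descriptor
    valid_until: int   # nominal end of life as published


class KeyRotationSchedule:
    def __init__(self, keys, overlap):
        # overlap: seconds a key stays *accepted* after valid_until, so packets
        # built by clients holding a slightly stale descriptor still decrypt.
        # Assumed here to be what the PublicKeyOverlap setting controls.
        self.keys = sorted(keys, key=lambda k: k.valid_from)
        self.overlap = overlap

    def _accept_until(self, k):
        return k.valid_until + self.overlap

    def accepting_at(self, now):
        """Keys the PacketHandler should hold at `now`."""
        return [k for k in self.keys
                if k.valid_from <= now < self._accept_until(k)]

    def publishing_at(self, now):
        """Keys that belong in the server descriptor at `now` (no overlap)."""
        return [k for k in self.keys if k.valid_from <= now < k.valid_until]

    def deletable_at(self, now):
        """Keys whose private half can be wiped: nothing will ever use them."""
        return [k for k in self.keys if now >= self._accept_until(k)]

    def next_event(self, now):
        """Earliest time after `now` at which the accepted set changes, or
        None.  This is the timer a scheduler should arm."""
        times = set()
        for k in self.keys:
            times.add(k.valid_from)
            times.add(self._accept_until(k))
        later = [t for t in times if t > now]
        return min(later) if later else None

    def transition(self, t_old, t_new):
        """(names to add, names to remove) from the handlers when the clock
        moves from t_old to t_new; applied at each timed event."""
        old = {k.name for k in self.accepting_at(t_old)}
        new = {k.name for k in self.accepting_at(t_new)}
        return sorted(new - old), sorted(old - new)

    def needs_new_key(self, now, lead_time):
        """True when no key will still be publishable `lead_time` seconds from
        now, i.e. a new key must be generated and a new descriptor published."""
        return not self.publishing_at(now + lead_time)


DAY = 86400
# Constructed sample: two consecutive one-day keys with a one-hour overlap.
SAMPLE = KeyRotationSchedule(
    [KeyInfo("k1", 0, DAY), KeyInfo("k2", DAY, 2 * DAY)], overlap=3600)

if __name__ == "__main__":
    # Walk the timeline event by event, as a scheduler would.
    t = 0
    while t is not None:
        print(t, [k.name for k in SAMPLE.accepting_at(t)],
              "deletable:", [k.name for k in SAMPLE.deletable_at(t)])
        t = SAMPLE.next_event(t)
```

The separation between `publishing_at` and `accepting_at` is the point of the overlap: the descriptor stops advertising a key at `valid_until`, but the handlers keep it for `overlap` more seconds, and only after that is `deletable_at` true. A scheduler that arms a timer for `next_event` and applies `transition` at each tick never needs to poll.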



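The ServerQueue and Common entries above describe two things together: an AtomicFile helper for the create/rename pattern, and a DeliveryQueue that keeps each message's delivery state in its own small file, storing the time of queueing and the last attempted delivery instead of a retry counter, so the retry schedule can change without leaving messages inconsistent. What follows is an added example written for this page, not Mixminion's own code: the directory layout, file names, handle format, and the retry-schedule semantics (offsets in seconds from queueing time) are assumptions for illustration.

```python
"""Added example (not Mixminion code): per-message delivery state on top of
an atomic create/rename helper.  Layout, names and schedule semantics are
assumptions for illustration."""
import os
import pickle
import tempfile


class AtomicFile:
    """Create/rename pattern: write to a temp file in the target's directory,
    fsync, then rename over the target, so a reader sees either the old file
    or the complete new one, never a torn one."""

    def __init__(self, path):
        self.path = path
        fd, self.tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".",
                                        prefix=".tmp-")
        self.f = os.fdopen(fd, "wb")

    def write(self, data):
        self.f.write(data)

    def close(self):
        self.f.flush()
        os.fsync(self.f.fileno())
        self.f.close()
        os.replace(self.tmp, self.path)   # atomic within one filesystem

    def discard(self):
        self.f.close()
        os.unlink(self.tmp)


def writePickled(path, obj):
    af = AtomicFile(path)
    try:
        af.write(pickle.dumps(obj))
    except Exception:
        af.discard()
        raise
    af.close()


def readPickled(path):
    # Only ever unpickle files this process wrote into its own queue
    # directory: pickle is not safe on untrusted input.
    with open(path, "rb") as f:
        return pickle.load(f)


class DeliveryQueue:
    """msg_<h> holds the payload and is never rewritten; state_<h> holds
    {"queued": t, "last_attempt": t or None} and is rewritten atomically after
    each attempt.  No retry counter is stored: the next attempt is derived
    from the timestamps and the *current* schedule, so changing the schedule
    cannot leave a message in an inconsistent state."""

    def __init__(self, directory, retry_schedule):
        self.dir = directory
        self.retry_schedule = sorted(retry_schedule)  # offsets from queueing
        os.makedirs(directory, exist_ok=True)
        self._counter = 0

    def _msg(self, h):
        return os.path.join(self.dir, "msg_" + h)

    def _state(self, h):
        return os.path.join(self.dir, "state_" + h)

    def queue(self, payload, now):
        self._counter += 1
        h = "%d-%d" % (int(now), self._counter)   # hypothetical handle scheme
        writePickled(self._msg(h), payload)
        writePickled(self._state(h), {"queued": now, "last_attempt": None})
        return h

    def handles(self):
        return sorted(n[4:] for n in os.listdir(self.dir) if n.startswith("msg_"))

    def next_attempt(self, h):
        """First scheduled time strictly after the last attempt (the first slot
        if none yet); None once the schedule is exhausted.  A retry that ran
        late (server was down) skips the slots it overran rather than firing
        them back to back."""
        st = readPickled(self._state(h))
        for delay in self.retry_schedule:
            t = st["queued"] + delay
            if st["last_attempt"] is None or t > st["last_attempt"]:
                return t
        return None

    def due(self, now):
        out = []
        for h in self.handles():
            t = self.next_attempt(h)
            if t is not None and t <= now:
                out.append(h)
        return out

    def expired(self):
        return [h for h in self.handles() if self.next_attempt(h) is None]

    def record_attempt(self, h, now, delivered):
        if delivered:
            os.unlink(self._msg(h))     # msg first: a leftover state file is
            os.unlink(self._state(h))   # harmless, a missing one is not
            return
        st = readPickled(self._state(h))
        st["last_attempt"] = now
        writePickled(self._state(h), st)  # only the small state file changes


def run_demo(directory=None):
    """Fail once, retry late, change the schedule, then deliver; returns the
    observed values.  Sample payload and times are constructed."""
    directory = directory or tempfile.mkdtemp(prefix="dq-")
    seen = {}
    q = DeliveryQueue(directory, [0, 60, 600, 3600])
    h = q.queue(b"constructed sample packet", now=1000.0)
    seen["first"] = q.next_attempt(h)
    seen["due_early"] = q.due(999.0)
    seen["due"] = q.due(1000.0) == [h]
    seen["no_tmp"] = not any(n.startswith(".tmp-") for n in os.listdir(directory))
    q.record_attempt(h, 1000.0, delivered=False)
    seen["second"] = q.next_attempt(h)
    q.record_attempt(h, 1700.0, delivered=False)   # late: 1060 and 1600 skipped
    seen["after_late"] = q.next_attempt(h)
    seen["new_schedule"] = DeliveryQueue(directory, [0, 60, 6000]).next_attempt(h)
    seen["expired_short"] = DeliveryQueue(directory, [0, 60]).expired() == [h]
    q.record_attempt(h, 4600.0, delivered=True)
    seen["left"] = q.handles()
    return seen
```

Because the state file carries only timestamps, a shorter schedule simply makes the same message expire earlier and a longer one gives it more slots; nothing stored becomes wrong. Rewriting one small file per attempt, rather than one file holding every queued object, is what keeps each update cheap.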
Index: TODO
===================================================================
RCS file: /home/minion/cvsroot/src/minion/TODO,v
retrieving revision 1.95
retrieving revision 1.96
diff -u -d -r1.95 -r1.96
--- TODO	5 May 2003 00:38:45 -0000	1.95
+++ TODO	17 May 2003 00:08:39 -0000	1.96
@@ -25,6 +25,7 @@
                 o Ctrl-C should just print "interrupted."
                 o Change behavior on binary messages; don't dump 'em
                   to terminals.
+                o Client queues should have max-packets-to-send option.
                 . DELKEYS should work. (neruaL)
                         - Test
         . Internal statistics
@@ -33,7 +34,7 @@
                 o Event log configurability
                 o server-stats command
                 o Test event log
-                . Document log and events
+                o Document log and events
                 - Test use of event log
         o Security:
                 o Support multiple SURB keys
@@ -87,31 +88,72 @@
                 o Implement frontend
                 X Test backend
                 o Test frontend
-        - Key management:
-                . Refactor the scheduler code in ServerMain.  We know
+        o Bugfixes
+                o "Unexpectedly closed connection" sometimes means 
+                  "server not there." Log accordingly.
+                o The retry scheduling logic is bogus.
+                o Attach debugging log calls to DeliveryQueue.
+        o Improved path selection
+                o Better syntax
+                o Improved implementation
+                o Tests
+        . Key management:
+                o Refactor the scheduler code in ServerMain.  We know
                   too many events now.
                         o Implement
-                        - Document
-                        - Tests
+                        o Document
+                        o Tests
                 . Ability to generate new serverdesc with old keys.
                         o Implement
-                        - Test backend
-                        - CLI
+                        o Test backend
+                        - Automate
                 . Ability to notice discrepancies between SD and
                   server configuration.
                         o Implement
                         - Test backend
                         - Integrate with frontend
                 . Online key rotation
-                        - Function to determine time for next rotation event.
+                        o Function to determine time for next rotation event.
                         o Ability to add PK to packethandler
                         o Ability to remove PK from packethandler.
                         o Ability to change TLS context for new connections.
-                        - Ability to delete PK.
-                        - Trigger all of the above as timed events occur.
-                        - Somehow test the whole business.
+                        o Ability to delete PK.
+                        o Trigger all of the above as timed events occur.
+1-3                     - Generate new SD's as needed, publish as needed
+2.5                     - Somehow test the whole business.
                 - Rudimentary directory automation (with trivial pinging)
-                - Automatic key generation 
+                        - CGI to receive server descriptors:
+1-4                             - replace old ones if superceded, 
+                                  reject them if invalid,
+                                  and queue them if unrecognized.
+2                               - Tests for above
+.5-1.5                          - The actual CGI
+1                       - Ability to move servers from queue to good-list.
+0.5                             - Tests
+1                       - Code to publish directories
+2-3                     - Code to remember whether descriptors are published,
+                          and republish as needed, and retry if directory
+                          is down.
+1                               - Tests
+                        - Trivial pinger: make a list of servers,
+                          check which are up, send 1-hop dummies, see
+                          which come back.
+.5                              - Get server list
+3                               - Do pinging, remember results
+2                               - Send messages with client
+1                               - Receive messages from an mbox? a directory?
+2                               - Recognize messages that come back
+2                               - Decide whom to include; make dirgen
+                                  include them
+3                               - Tests
+?                       - Design directory liveness format.  Maybe include
+                          all servers and "live" list for now?
+0.5                     - Code to automatically regenerate directories as
+                          needed.
+1       - Make "=== BEGIN" stuff comply with openpgp rfc: why rock
+          the boat?
+4       - Finish all documentation, resolve all XXXX004s
+3       - Try out all functionality by hand
 
 Deferred from 0.0.4:
         . UI
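Review bot: the order of the new CGI item ("replace old ones if superceded, reject them if invalid, and queue them if unrecognized") puts replacement before validation; a descriptor must be rejected as invalid (signature checked) before it is allowed to supersede an existing one, otherwise anyone who can reach the CGI can overwrite a server's descriptor. Suggest rewording to "reject if invalid; otherwise replace if superseded, queue if unrecognized" (and "superceded" is "superseded"). In the same hunk, "Ability to delete PK" is marked done while "Somehow test the whole business" stays open; since private-key deletion is irreversible, the rotation tests should exercise the overlap window before that item is considered finished. The time estimates placed in column 1 ("1-3", "2.5", ".5-1.5") also break the file's indentation convention and will confuse anyone grepping the outline; a trailing "[1-3d]" on the item would keep the tree intact.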
@@ -133,8 +175,7 @@
                   server home, if not absolute.
         - Security:
         	- Password-protect dirserver keys
-                - Client queues should be locked, and have
-                  max-packets-to-send option.
+                - Client queues should be locked. (Aren't they?)
         - Key mgt
                 - Consider linewrap protection on server descriptors,
                   if demand warrants.  (None yet.)
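Review bot: "Client queues should be locked. (Aren't they?)" leaves a security item as an open question rather than a task; with delivery state now kept in a separate per-message file that is rewritten on every attempt, two client processes flushing the same queue would race on that state file, so this should be verified and either closed or turned into a concrete locking task.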
@@ -180,7 +221,7 @@
                 - Incoming email gateway
                         - Insert encoded packet into net.
                         - Reply to a reply block
-                        - "Anonymize" is
+                        - "Anonymize" is  ("Is?" Is what?)
                 - Some notion of 'client modules' would be a good idea.
                 - Put 'address' someplace more reasonable.
         - End-to-end issues
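Review bot: the annotation ("Is?" Is what?) records that the "Anonymize" item is truncated but does not resolve it; either recover the intended wording from the file's history or drop the item, since a half-sentence in the TODO carries no actionable content.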
@@ -272,6 +313,9 @@
                 - Support for full-blown multiple-server agreement mechanism
                 - Consider linewrap protection on server descriptors,
                   if demand warrants.  (None yet.)
+                - Servers should download directories
+                - Servers should use downloaded directories to print useful
+                  nicknames for other servers rather than just IP addresses.
         - Full documentation
                 - Complete docs for all code, with comments and examples.
                 - Write guide for module developers
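Review bot: the new items have servers download directories and use them to print nicknames for peers; since the test suite already covers a directory with a bad signature, the server-side download should verify the directory signature before any nickname from it reaches the logs, or an unsigned or tampered directory could put attacker-chosen names next to IP addresses in server logs.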