[minion-cvs] Work plan for 0.0.7
Update of /home/minion/cvsroot/src/minion
In directory moria.mit.edu:/tmp/cvs-serv22007
Modified Files:
TODO
Log Message:
Work plan for 0.0.7
Index: TODO
===================================================================
RCS file: /home/minion/cvsroot/src/minion/TODO,v
retrieving revision 1.180
retrieving revision 1.181
diff -u -d -r1.180 -r1.181
--- TODO 4 Jan 2004 02:46:28 -0000 1.180
+++ TODO 7 Jan 2004 06:27:12 -0000 1.181
@@ -12,7 +12,7 @@
NEEDS TO BE WRITTEN:
-For 0.0.7: (tentative list of stuff deferred from 0.0.6)
+For 0.0.7:
- Specification
- Clear up specification for payload versions.
- Clear up specification for NEWS
@@ -23,8 +23,11 @@
nicknames for other servers rather than just IP addresses.
- Have callers of Packet/BuildMessage/DeliveryPacket
decide whether to look for a tag in the RI field.
- - Make processing thread and module thread general
+ D Make processing thread and module thread general
cases of a thread pool abstraction.?
+ o Spec conformance
+ o Make sure we skip descriptors that don't support our
+ current Packet-Version.
o Performance
D Do a setsockopt(IP_TOS, IPTOS_THROUGHPUT), unless on
cygwin, dgux, sni-sysv.
@@ -32,8 +35,19 @@
- Allow 'mixminion ping' to take addr:port as argument.
- RFC822 interface and maildir-style exit module to help
integrators.
- o MMTP
- o Make MMTP bursty, at least on client side.
+ - Flush messages to a single mix, or set of mixes.
+ - Clean messages for a single mix, or set of mixes.
+ - Support to remove servers from imported set, or to block
+ servers from directory.
+ . MMTP
+ o Make MMTP bursty.
+ - Bandwidth throttling
+ - Limit number of simultaneous outgoing connections
+ - Limit number of bytes transmitted per second
+ - Limit number of bytes read per second.
+ - Security
+ - Make createPrivateDirs gripe about group-writable parent
+ dirs
- Large reply messages and efwd messages
- Fragment-pool logic for client
- Manual pages
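Review bot: The new Security entry "Make createPrivateDirs gripe about group-writable parent dirs" does not say what "gripe" means or which parent states are in scope. Suggest stating whether the check only logs a warning or refuses to continue, and whether world-writable parents and parents owned by a different user are covered as well, since write access to a parent directory allows the private directory itself to be renamed or replaced. The three "Limit number of ..." throttling items would also benefit from naming the configuration option each one is expected to add.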
@@ -46,6 +60,26 @@
- Add pages for 'mixminiond' and 'mixminion.conf' and
'mixminiond.conf'.
- Maybe add a page for Mixminion integration.
+Reach for 0.0.7:
+ - Dummies and pinging
+ - Make 'SIGHUP' reload, (and 'SIGUSR' dump).
+ - SIGHUP should reconfigure everything:
+ - Logs
+ - EventStats
+ - securedelete
+ - EntropySource (discard old entropy)
+ - Configuration (as used by key)
+ - File locations (????)
+ - Network setup
+ - Module setup
+ - (What else?)
+ - SIGHUP should check whether serverinfo should be
+ regenerated.
+ - Add SIGUSR1 to do rotate-and-dump only.
+ - MMTP
+ - Retrying should be per-destination, not per-packet.
+ Otherwise, we can leak which packets were first attempted
+ when.
Require for "0.1.0" (the in-theory-as-good-as-type-II release):
[Release criteria: Workable replacement for type II. At least as
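Review bot: The signal names in the added "Reach for 0.0.7" block are inconsistent: the heading item says "(and 'SIGUSR' dump)" while the last sub-item says "Add SIGUSR1 to do rotate-and-dump only." Suggest writing SIGUSR1 in both places. The SIGHUP sub-list still carries "File locations (????)" and "(What else?)", so it is worth marking which entries are actually in scope for 0.0.7. For the MMTP item, the rationale ("we can leak which packets were first attempted when") is good to have inline; adding a note on how the per-destination behaviour will be verified would make the item closable.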
@@ -53,22 +87,20 @@
also ready to replace type I. Interfaces are stable enough that
integrators can start building GUIs and nymservers without expecting large
incompatible changes. Target: first half of 2004. (No guarantees!)]
- - Dummies and pinging
- Security
- - Make createPrivateDirs gripe about group-writable parent
- dirs
+ - Upgrade packet format as necessary.
- Modules and module support
- - Use STARTTLS as available, it it's not too hard.
+ - Use STARTTLS as available, if it's not too hard.
- Real SMTP module
- Support multiple exit addresses. (cc, bcc, etc.)
Needs to be bandwidth-limited.
+ - Support NEWS
- End-to-end issues
- - MIME
+ - Minimal MIME support: allow headers; don't attempt to
+ enforce a single-best format.
- Configurability
- Better, documented support for http proxies for
downloading directories.
- - Make client-side pooling configurable and more
- sophisticated.
- Make DH parameter length configurable at 1024 bits
(or higher)?
. Freak out properly on missing/unpublishable IP.
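Review bot: The added Security entry "Upgrade packet format as necessary." gives no criterion for "necessary", so it cannot be checked against the 0.1.0 release criteria or closed. Suggest naming the concrete change, or the condition that would force a new format, and saying whether older Packet-Version values stay accepted afterwards, given that the 0.0.7 list now includes skipping descriptors that don't support the current Packet-Version.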
@@ -76,25 +108,19 @@
. Full validation function for server
- Support for non-clique topologies (cliques with a few
missing links would be sufficient.)
+ - Configurable number of threads to scale to multiple CPUs
- Client support
- Automatically remove old messages from client queue. (Add
'warn after' and 'delete after' configuration options'.)
- - Flush messages to a single mix, or set of mixes.
- - Clean messages for a single mix, or set of mixes.
- - Support to remove servers from imported set, or to block
- servers from directory.
- Avoid timing distinguishability attack related to
check-dir, gen-path, read-from-stdin: only download
directory *AFTER* reading? Strongly recommend a cron job?
Write the whole thing off as not-really-an-attack?
- Build and install process
- o Well-tested 'make install'
- A well-tested 'make uninstall'
- RPMS, debs, and so on
. Make sure we run on solaris and *BSD.
. Make the software run under cygwin
- o Handle weirdness with directory permissions
- o flock
- Installing to relative path
. An init.d script.
- Support for multiple directories, with automated agreement.
@@ -106,22 +132,7 @@
- Complete all other docs
- History.
- Dummy messages (as in batching-taxonomy)
- - Make 'SIGHUP' reload, (and 'SIGUSR' dump).
- - SIGHUP should reconfigure everything:
- - Logs
- - EventStats
- - securedelete
- - EntropySource (discard old entropy)
- - Configuration (as used by key)
- - File locations (????)
- - Network setup
- - Module setup
- - (What else?)
- - SIGHUP should check whether serverinfo should be
- regenerated.
- - Add SIGUSR1 to do rotate-and-dump only.
- DoS resistance strategy
- - Bandwidth throttling
- Timeout connections more aggressively under heavy load
- What else?
- Disable heinously insecure operating modes.
@@ -151,7 +162,7 @@
- Support for sending multiple copies of a packet?
- ClientAPI correctness
- Port ClientAPI from C API document.
- - Move other functionality into ClientSupport module.
+ - Move other functionality into ClientUtil module.
- ClientMain should only have CLI functionality.
- Heavy-duty performance/DoS testing
- Modules and module support
@@ -159,15 +170,12 @@
- Full config validation
- Full boilerplate text
- Tell ModuleManager about async code (as soon as needed)
- o Refactoring/cleanup
- o Put 'address' someplace more reasonable.
- Configurability
- o Put pid and lock and key and queues in different
- places; coalesce pid and lock.
- Make all filenames in server config relative to
server home, if not absolute.
- Support for one-side-only MMTP configurations.
- X Make zlib bomb prevention configurable.
+ - Make client-side pooling configurable and more
+ sophisticated.
- Separate error/other log files.
- Move boilerplate into outside files. Add some generic
'Boilerplate' functionality.
@@ -175,7 +183,8 @@
- Add 'ALLOW' lines to blacklist.
- Client support
- Some way to read a reply block *and* a message from
- stdin?
+ stdin?
+ - Server UI functionality to inspect and clean out pools
- Port to Twisted, if reasonable (see HACKING)
- Send/receive large messages without having to suck them all
into RAM at once.
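Review bot: The added "Server UI functionality to inspect and clean out pools" sits directly after the stdin item under "Client support", but it describes a server feature. Suggest moving it under a server-side heading, and noting who is allowed to invoke it, since cleaning out a pool removes queued messages.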
@@ -213,7 +222,6 @@
all of which need be published. Perhaps allow different
rules for each listener. ???? Maybe not really a good idea.
- Client support: Improved path selection
- - Figure out how to deal with non-clique topologies
- Watch out for servers that are really the
same server
- Only pick from the directory when picking
@@ -242,19 +250,12 @@
- License-friendliness:
- Switch from OpenSSL to NSS or GNUTLS
- GUI
- . Multithreaded design to scale to multiple CPUs
- Security
- Memlockall wrapper
- o Generic secure delete
- Support for loopback fs automation and shredding.
- Make DB module choice configurable?
- Consider dropping support for older Python versions?
-NEED TO BE TESTED
-- Signals
-
-NEED TO BE DOCUMENTED
-
NEEDS TO BE BENCHMARKED
- TLS for leaks
- PEM for leaks
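Review bot: The "NEED TO BE TESTED" section and its "- Signals" entry are removed in this hunk, while the same patch adds SIGHUP reload and SIGUSR1 rotate-and-dump as reach goals for 0.0.7. Unless signal handling is already covered by tests, suggest keeping the entry, or moving it next to the SIGHUP items, so the test work is not dropped along with the empty "NEED TO BE DOCUMENTED" heading.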