[minion-cvs] Several days worth of hacking. Highlights: Key rotatio...
Update of /home/minion/cvsroot/src/minion
In directory moria.mit.edu:/tmp/cvs-serv2846
Modified Files:
TODO
Log Message:
Several days worth of hacking. Highlights: Key rotation, robust queues.
TODO:
- Update status, add time estimates
- Break down directory work
etc/mixminiond.conf:
- Rename PublicKeySloppiness to PublicKeyOverlap
*:
- Whitespace normalization
ClientMain:
- Improve path syntax to include ?, *n; allow choice-with-replacement
- Use new readPickled functionality from Common
- Add -n argument for flush command
- Add default-path options to ClientConfig
- Be more specific about causes of failure when flushing; be more specific
about # messages flushed.
- Remove --swap-at option: now path syntax is adequate.
Config, ClientMain, Common:
- Change duration from a 3-tuple to an independent class. Now we
can say duration.getSeconds() rather than duration[2], which makes
some stuff more readable.
Common:
- Debug checkPrivateFile
- Add AtomicFile class to help with standard create/rename pattern.
- Add readPickled/writePickled wrappers
MMTPClient:
- Document PeerCertificateCache
Packet:
- Correct documentation on overflow, underflow.
benchmark:
- Improve format of printed sizes
- Improve pk timing; time with bizarre exponent.
- Add Timing for ServerQueues
test:
- Add tests for encodeBase64
- Correct tests for new DeliveryQueue implementation
- Add tests for checkPrivateFile
- Revise tests for _parseInterval in response to new Duration class.
- Add tests for generating new descriptors with existing keys
- Fix test for directory with bad signature: make it fail for the
right reason
- Deal with new validateConfig in Module
- Add test for scheduler.
- Tests for new path selection code
testSupport:
- Module code uses new interface
EventStats:
- Document, clean
MMTPServer:
- Better warning on TLSClosed while connecting.
- Document new functionality
Modules:
- validateConfig function no longer needs 'sections' and 'entries':
make it follow the same interface as other validation fns
- _deliverMessages: use new DeliveryQueue interface
PacketHandler:
- Always take a list of keys, never a single one.
ServerConfig:
- Refactor validateRetrySchedule
- Use new Duration class
- Rename PublicKeySloppiness to PublicKeyOverlap
ServerKeys: ***
- Implement key rotation:
- Notice when to add and remove keys from PacketHandlers, MMTPServer
- Set keys in packethandlers, mmtpserver
- Note that 512-bit DH moduli are kinda silly
- More code and debugging for descriptor regeneration
ServerMain:
- Documentation
- Key rotation
- Respond to refactoring in DeliveryQueue
- Use lambdas to wrap EventStats rotation
- Separate reset method
- Remove obsolete commands
ServerQueue: ***
- Refactor DeliveryQueue so that it has a prayer of working: Keep
message delivery state in a separate file, and update separately.
Remember time of queueing for each method, and last attempted
delivery; n_retries is gone. This allows us to change the retry schedule
without putting messages in an inconsistent state.
An earlier version put the state for _all_ queued objects in a
single file: this turned out to be screamingly inefficient.
crypt.c, tls.c:
- Documentation fixes
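
An illustration of the ServerQueue and AtomicFile entries in the log message above, added here and not taken from the Mixminion source: per-message delivery state kept in its own file, written with the create/rename pattern, with the next attempt derived from the queue time and last attempt rather than a retry counter. The function names, the field names, the file name and the use of JSON in place of pickles are all assumptions made for the example.

```python
import json, os, tempfile

def write_state(path, state):
    """Create/rename: write a temp file beside the target, sync it, then
    rename it into place so a crash never leaves a half-written state file."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-")  # mode 0600
    try:
        with os.fdopen(fd, "w") as f:
            json.dump(state, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)  # atomic on POSIX
    except BaseException:
        os.unlink(tmp)
        raise

def read_state(path):
    with open(path) as f:
        return json.load(f)

def next_attempt(state, schedule):
    """Time of the next delivery attempt, or None once the schedule is used up.
    `schedule` is a list of retry intervals in seconds, counted from queueing."""
    t, last = state["queued_at"], state["last_attempt"]
    if last is None:
        return t  # never tried: deliver as soon as possible
    for interval in schedule:
        t += interval
        if t > last:
            return t
    return None

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "msg-0001.state")  # constructed file name
        write_state(path, {"queued_at": 1000, "last_attempt": None})
        first = next_attempt(read_state(path), [60, 60, 300])
        write_state(path, {"queued_at": 1000, "last_attempt": 1130})
        state = read_state(path)
        old = next_attempt(state, [60, 60, 300])   # schedule at queue time
        new = next_attempt(state, [600, 600])      # schedule changed later
        return first, old, new, sorted(os.listdir(d))

if __name__ == "__main__":
    print(demo())
```

Because only two timestamps are stored, the same state file gives a well-defined answer under either schedule, which a stored retry count would not.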
Index: TODO
===================================================================
RCS file: /home/minion/cvsroot/src/minion/TODO,v
retrieving revision 1.95
retrieving revision 1.96
diff -u -d -r1.95 -r1.96
--- TODO 5 May 2003 00:38:45 -0000 1.95
+++ TODO 17 May 2003 00:08:39 -0000 1.96
@@ -25,6 +25,7 @@
o Ctrl-C should just print "interrupted."
o Change behavior on binary messages; don't dump 'em
to terminals.
+ o Client queues should have max-packets-to-send option.
. DELKEYS should work. (neruaL)
- Test
. Internal statistics
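Review bot: The added entry "Client queues should have max-packets-to-send option." carries the `o` marker of its neighbours, while the same requirement sat under a `-` Security item until the hunk at -133,8 removed it. Name the option the entry refers to (the log message mentions a new -n argument for the flush command) so a reader can tell what closed it.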
@@ -33,7 +34,7 @@
o Event log configurability
o server-stats command
o Test event log
- . Document log and events
+ o Document log and events
- Test use of event log
o Security:
o Support multiple SURB keys
@@ -87,31 +88,72 @@
o Implement frontend
X Test backend
o Test frontend
- - Key management:
- . Refactor the scheduler code in ServerMain. We know
+ o Bugfixes
+ o "Unexpectedly closed connection" sometimes means
+ "server not there." Log accordingly.
+ o The retry scheduling logic is bogus.
+ o Attach debugging log calls to DeliveryQueue.
+ o Improved path selection
+ o Better syntax
+ o Improved implementation
+ o Tests
+ . Key management:
+ o Refactor the scheduler code in ServerMain. We know
too many events now.
o Implement
- - Document
- - Tests
+ o Document
+ o Tests
. Ability to generate new serverdesc with old keys.
o Implement
- - Test backend
- - CLI
+ o Test backend
+ - Automate
. Ability to notice discrepancies between SD and
server configuration.
o Implement
- Test backend
- Integrate with frontend
. Online key rotation
- - Function to determine time for next rotation event.
+ o Function to determine time for next rotation event.
o Ability to add PK to packethandler
o Ability to remove PK from packethandler.
o Ability to change TLS context for new connections.
- - Ability to delete PK.
- - Trigger all of the above as timed events occur.
- - Somehow test the whole business.
+ o Ability to delete PK.
+ o Trigger all of the above as timed events occur.
+1-3 - Generate new SD's as needed, publish as needed
+2.5 - Somehow test the whole business.
- Rudimentary directory automation (with trivial pinging)
- - Automatic key generation
+ - CGI to receive server descriptors:
+1-4 - replace old ones if superceded,
+ reject them if invalid,
+ and queue them if unrecognized.
+2 - Tests for above
+.5-1.5 - The actual CGI
+1 - Ability to move servers from queue to good-list.
+0.5 - Tests
+1 - Code to publish directories
+2-3 - Code to remember whether descriptors are published,
+ and republish as needed, and retry if directory
+ is down.
+1 - Tests
+ - Trivial pinger: make a list of servers,
+ check which are up, send 1-hop dummies, see
+ which come back.
+.5 - Get server list
+3 - Do pinging, remember results
+2 - Send messages with client
+1 - Receive messages from an mbox? a directory?
+2 - Recognize messages that come back
+2 - Decide whom to include; make dirgen
+ include them
+3 - Tests
+? - Design directory liveness format. Maybe include
+ all servers and "live" list for now?
+0.5 - Code to automatically regenerate directories as
+ needed.
+1 - Make "=== BEGIN" stuff comply with openpgp rfc: why rock
+ the boat?
+4 - Finish all documentation, resolve all XXXX004s
+3 - Try out all functionality by hand
Deferred from 0.0.4:
. UI
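Review bot: In the new "CGI to receive server descriptors" item, "replace old ones if superceded" is listed before "reject them if invalid"; put the validity check first so the list reads reject, then replace, then queue, and no descriptor is shown replacing a stored one before it has been checked. The estimate prefixes ("1-3", "2.5", ".5-1.5", "?") have no unit anywhere in the hunk and take the place of the status marker on those lines, so add a legend line giving the unit. "superceded" should be spelled "superseded".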
@@ -133,8 +175,7 @@
server home, if not absolute.
- Security:
- Password-protect dirserver keys
- - Client queues should be locked, and have
- max-packets-to-send option.
+ - Client queues should be locked. (Aren't they?)
- Key mgt
- Consider linewrap protection on server descriptors,
if demand warrants. (None yet.)
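Review bot: "(Aren't they?)" leaves an open question on a Security item instead of an answer. Check whether the client queue is locked, then either mark the entry accordingly or record what is still missing.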
@@ -180,7 +221,7 @@
- Incoming email gateway
- Insert encoded packet into net.
- Reply to a reply block
- - "Anonymize" is
+ - "Anonymize" is ("Is?" Is what?)
- Some notion of 'client modules' would be a good idea.
- Put 'address' someplace more reasonable.
- End-to-end issues
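Review bot: The changed line still ends at "is", so the "Anonymize" entry remains an unfinished sentence with a question attached. Complete the sentence or drop the entry.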
@@ -272,6 +313,9 @@
- Support for full-blown multiple-server agreement mechanism
- Consider linewrap protection on server descriptors,
if demand warrants. (None yet.)
+ - Servers should download directories
+ - Servers should use downloaded directories to print useful
+ nicknames for other servers rather than just IP addresses.
- Full documentation
- Complete docs for all code, with comments and examples.
- Write guide for module developers
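Review bot: The two added "Servers should download directories" entries do not say that a downloaded directory is checked before its nicknames are used in output. Add that, and consider printing the nickname alongside the IP address rather than instead of it, so that output stays tied to the address actually contacted.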