[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r14327: add a few todo items, move some around, answer nick's questi (tor/trunk/doc)
Author: arma
Date: 2008-04-09 00:32:01 -0400 (Wed, 09 Apr 2008)
New Revision: 14327
Modified:
tor/trunk/doc/TODO
Log:
add a few todo items, move some around, answer nick's questions
Modified: tor/trunk/doc/TODO
===================================================================
--- tor/trunk/doc/TODO 2008-04-09 02:15:37 UTC (rev 14326)
+++ tor/trunk/doc/TODO 2008-04-09 04:32:01 UTC (rev 14327)
@@ -132,6 +132,8 @@
- Finish buffer stuff in libevent; start using it in Tor.
- Tors start believing the contents of NETINFO cells.
- Get a "use less buffer ram" patch into openssl.
+ - Work with Steven and Roger to decide which parts of Paul's project
+ he wants to work on.
Matt
- Fit Vidalia in 640x480 again.
@@ -164,6 +166,7 @@
- Keep bugging us about exploits on the .exit notation.
- If relays have 100KB/s but set relaybandwidthrate to 10KB/s, do your
interference attacks still work?
+ - Mike's question #3 on https://www.torproject.org/volunteer#Research
Andrew
- Which bundles include Torbutton? Change the docs/tor-doc-foo pages
@@ -173,12 +176,12 @@
include Torbutton, they still say it's tor.eff.org, etc.
- Should we still be telling you how to use Safari on OS X for Tor,
given all the holes that Torbutton-dev solves on Firefox?
+ - Get Google excited about our T&Cs.
Karsten
. Make a hidden services explanation page with the hidden service
diagrams. See img/THS-[1-6].png. These need some text to go along
with them though, so people can follow what's going on.
- - Roger should review these
- We should consider a single config option TorPrivateNetwork that
turns on all the config options for running a private test tor
network. having to keep updating all the tools, and the docs,
@@ -196,6 +199,8 @@
Roger:
. Fix FAQ entry on setting up private Tor network
+ - Review Karsten's hidden service diagrams
+ - Prepare the 0.2.0.x Release Notes.
=======================================================================
@@ -240,6 +245,14 @@
- Draft proposal for GeoIP aggregation (see external constraints *)
- Separate Guard flags for "pick this as a new guard" and "keep this
as an existing guard". First investigate if we want this.
+ - Figure out how to make good use of the fallback consensus file. Right
+ now many of the addresses in the fallback consensus will be stale,
+ so it will take dozens of minutes to bootstrap from it. This is a
+ bad first Tor experience. But if we check the fallback consensus
+ file *after* we fail to connect to any authorities, then it may
+ still be valuable as a blocking-resistance step.
+ - Patch our tor.spec rpm package so it knows where to put the fallback
+ consensus file.
- Tiny designs to write:
- Better estimate of clock skew; has anonymity implications. Clients
@@ -249,10 +262,9 @@
- Do TLS connection rotation more often than "once a week" in the
extra-stable case.
- - Items to backport to 0.2.0.x-rc once solved in 0.2.1.x:
-R - Figure out the autoconf problem with adding a fallback consensus.
-R - add a geoip file
-W - figure out license
+ - Items to backport to 0.2.0.x once solved in 0.2.1.x:
+R - add a geoip file *
+W - figure out license *
- Use less RAM *
- Optimize cell pool allocation.
@@ -276,8 +288,8 @@
- Normalized cipher lists *
- Normalized lists of extensions *
- Tool improvements:
- - Get a "use less buffer ram" patch into openssl.
- - Get IOCP patch into libevent
+ - Get a "use less buffer ram" patch into openssl. *
+ - Get IOCP patch into libevent *
- Feature removals and deprecations:
- Get rid of the v1 directory stuff (making, serving, and caching)
@@ -319,7 +331,6 @@
- chroot yourself, including inhibit trying to read config file
and reopen logs, unless they are under datadir.
-
- Should be trivial:
- Base relative control socket paths (and other stuff in torrc) on datadir.
- Tor logs the libevent version on startup, for debugging purposes.
@@ -334,18 +345,25 @@
Later, unless people want to implement them now:
- Actually use SSL_shutdown to close our TLS connections.
- - Polipo vs Privoxy
- - switch out privoxy in the bundles and replace it with polipo.
- - Consider creating special Tor-Polipo-Vidalia test packages,
- requested by Dmitri Vitalev (does torbrowser meet this need?)
- Include "v" line in networkstatus getinfo values.
+ [Nick: bridge authorities output a networkstatus that is missing
+ version numbers. This is inconvenient if we want to make sure
+ bridgedb gives out bridges with certain characteristics. -RD]
- Let tor dir mirrors proxy connections to the tor download site, so
if you know a bridge you can fetch the tor software.
+ - when somebody uses the controlport as an http proxy, give them
+ a "tor isn't an http proxy" error too like we do for the socks port.
Can anybody remember why we wanted to do this and/or what it means?
- config option __ControllerLimit that hangs up if there are a limit
of controller connections already.
+ [This was mwenge's idea. The idea is that a Tor controller can
+ "fill" Tor's controller slot quota, so jerks can't do cross-protocol
+ attacks like the http form attack. -RD]
- configurable timestamp granularity. defaults to 'seconds'.
+ [This was Nick's idea. The idea to make the log timestamps much more
+ vague, so by default they don't help timing attacks much even if
+ they're leaked. -RD]
* * * *
@@ -379,8 +397,6 @@
d Limit to 2 dir, 2 OR, N SOCKS connections per IP.
- Or maybe close connections from same IP when we get a lot from one.
- Or maybe block IPs that connect too many times at once.
- - when somebody uses the controlport as an http proxy, give them
- a "tor isn't an http proxy" error too like we do for the socks port.
- we try to build 4 test circuits to break them over different
servers. but sometimes our entry node is the same for multiple
test circuits. this defeats the point.