On Thu, Oct 06, 2005 at 08:21:20PM +0200, Oliver S. wrote: > I think that TOR-servers don't need to be that performant as their > usage is currently and will in future be very uncommon. So it would > be easier to deveop TOR in Java (or maybe even C#?). This would also > reduce the probability of security-issues like buffer-overflows (may- > be it would be even possible to go back the TOR-chain through chai- > ned buffer-overflows, i.e. BOs that go from one gate in the chain > from the previous). > What do you think of my idea. I think your idea is a fine one for somebody's spare time; we always need more implementations for the Tor protocol, and Java is a popular choice these days. You might want to start with the code from the Java Anon Proxy people; I don't know their current status here, but for a while, they had a working Tor *client* written in Java. Of course, a server is significantly more complicated, so there would be a lot more work. As for the performance issue: you are completely wrong about Tor servers not needing CPU; at reasonable bandwidth, the requirements are high. Fortunately, most of the CPU is used for AES, DH, and RSA, all of which any sane implementation will implement in native code, so one might stand a chance of having a compatible implementation of the Tor protocol written in a less performance critical language. In other words: if you want to clone Tor in Java, feel free! We look forward to your work. Note, however, that I keep talking about "compatible implementations" here. Tor is 49 thousand lines right now[1], and we're trying to strengthen incrementally it all the time. Throwing out the implementation that we've been working on for the last four years and starting again from scratch is not likely to work for us. As for the rest of this thread: language choice is a classical bike-shed problem[2]. Please, tread lightly, and consider whether what you're saying needs to be said. If you're worried about Java: there's no risk we'll switch the main Tor implementation to it in the foreseeable future. If you want Java: great, get some programmers together and bang out an implementation. [1] Tor has about 37.6 klines of code, and 11.4 klines of comments. [2] On bikesheds: http://www.unixguide.net/freebsd/faq/16.19.shtml yrs, -- Nick Mathewson
Attachment:
pgpqTsSKCchJj.pgp
Description: PGP signature