[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-dev] Tor Proposal status updates: Feb 2015
This is an update to the Tor proposal status overview. I last sent one
of these out almost a year ago; since 0.2.6 has entered feature freeze,
I really ought to do this regularly again.
Future versions of this document will be maintained in the torspec
repository as "proposals/proposal-status.txt". I'll still send them
to tor-dev periodically.
If you're looking for something to review, think about, or comment
on:
Review 219 if you're a DNS geek, or you'd like Tor to work
better with more DNS types.
Review 220 (ed25519 identity keys) and 228
(cross-certification) if you like designing signature things,
if you have good ideas about future-proofing key type
migration, or if you care about making Tor servers' identity
keys stronger.
Review 223 (ACE handshake) if you're a cryptographer, or a
cryptography implementer, and you'd like an even faster
replacement for the ntor handshake.
Review 224 if you want to look through a big, complex protocol
with a lot of pieces. Also review it if you care about hidden
services and making them better.
Review 226 if you're interested in bridgedb development.
Review 241 for a big chance at making Tor clients and hidden services
more secure.
Review something else if you want to take a possibly good idea
that needs more momentum and promote it, fix it up, or finally
kill it off.
I note in passing that many of the proposals below seem stalled,
perhaps permanently: some because we don't know how to answer their
open questions, others because we're not sure if they're a good
idea, others because they don't seem implementable yet. Is that the
best way to characterize it? Should we have a new "stalled"
proposal status or something? Should we have a
"rejected-pending-revision" status that we use effectively for
everything that doesn't seem likely to get revised or implemented
any time soon? Other suggestions would be welcome.
Finally: if you've sent something to tor-dev or to me that should
have a proposal number, but doesn't have one yet, please ping me
again to remind me!
**NOTE**: The dates after each paragraph indicate when I last
revised the paragraph.
127 Relaying dirport requests to Tor download site / website
The idea here was to make it easier to fetch and learn about
Tor by making it easy for relays to automatically act as
proxies to the Tor website. It needs more discussion, and
there are some significant details to work out. It's not at
all clear whether this is actually a good idea or not.
Probably, there are better choices when it comes to
distributing software and updates. (11/2013)
131 Help users to verify they are using Tor [NEEDS-REVISION]
This one is not a crazy idea, but I marked it as
needs-revision since it doesn't seem to work so well with
our current designs. It seems mostly superseded by proposal
211. (11/2013)
132 A Tor Web Service For Verifying Correct Browser Configuration
This proposal was meant to give users a way to see if their
browser and privoxy (yes, it was a while ago) are correctly
configured by running a local webserver on 127.0.0.1. I'm not
sure the status here. Generally, I'm skeptical of designs
that run webservers on localhost, since they become a target
for cross-site attacks. (11/2013)
133 Incorporate Unreachable ORs into the Tor Network
This proposal had an idea for letting ORs that can only make
outgoing connections still relay data usefully in the network.
It's something we should keep in mind, and it's a pretty neat
idea, but it radically changes the network topology. Anybody
who wants to analyze new network topologies should definitely
have a look. (5/2011)
140 Provide diffs between consensuses
This proposal describes a way to transmit less directory
traffic by sending only differences between consensuses, rather
than the consensuses themselves. Daniel Marti implemented this for his
GSoC project last summer; it is still under revision and on target
for merge into 0.2.7. (See ticket #13339) (2/2015)
141 Download server descriptors on demand
The idea of this proposal was for clients to only download the
consensus, and later ask nodes for their own server descriptors
while building the circuit through them. It would make each
circuit more time-consuming to build, but make bootstrapping
much cheaper.
Microdescriptors obsolete a lot of this proposal, and present
some difficulties in using in a way compatible with
it. (6/2012)
143 Improvements of Distributed Storage for Tor Hidden Service
Descriptors
Here's a proposal from Karsten about making the hidden
service DHT more reliable and secure to use. It could use
more discussion and analysis. We should look into it as part
of efforts to improve designs for the next generation of
hidden services.
One problem with the analysis here, though, is that it
assumes a fixed set of servers that doesn't change. One
reason that we upload to N servers at each chosen point in
the ring is that the hidden service host and the hidden
service client may have different views of which servers
exist. We need to re-do the analysis with some fraction of
recent consensuses.
This is probably superseded by proposal 224; we should close it
IMO. (2/2014)
144 Increase the diversity of circuits by detecting nodes
belonging the same provider
This is a version of the good idea, "Let's do routing in a way
that tries to keep from routing traffic through the same
provider too much!" There are complex issues here that the
proposal doesn't completely address, but I think it might be a
fine idea for somebody to see how much more we know now than we
did in 2008, particularly in light of the relevant paper(s) by
Matt Edmann and Paul Syverson. (5/2011)
145 Separate "suitable as a guard" from "suitable as a new guard"
[NEEDS-RESEARCH]
Currently, the Guard flag means both "You can use this node as a
guard if you need to pick a new guard" and "If this node is
currently your guard, you can keep using it as a guard." This
proposal tries to separate these two concepts, so that clients can
stop picking a router once it is full of existing clients using it
as a guard, but the clients currently on it won't all drop it.
It's not clear whether this has anonymity issues, and it's not
clear whether the imagined performance gains are actually
worthwhile.
This is probably superseded by proposal 236, which has a better
approach for weighting guard node selection probabilities; we
should probably close this ticket. (2/2015)
156 Tracking blocked ports on the client side
This proposal provides a way for clients to learn which ports
they are (and aren't) able to connect to, and connect to the
ones that work. It comes with a patch, too. It also lets
routers track ports that _they_ can't connect to.
I'm a little unconvinced that this will help a great deal: most
clients that have some ports blocked will need bridges, not
just restriction to a smaller set of ports. This could be good
behind restrictive firewalls, though.
The router-side part is a little iffy: routers that can't
connect to each other violate one of our network topology
assumptions, and even if we do want to track failed
router->router connections, the routers need to be sure that
they aren't fooled into trying to connect repeatedly to a
series of nonexistent addresses in an attempt to make them
believe that (say) they can't reach port 443.
This one is a paradigmatic "open" proposal: it needs more
discussion. The patch probably also needs to be ported to
0.2.3.x; it touches some code that has changed.
This is likely also to be relevant for the ideas of proposal 241,
and maybe superseded by some version of that proposal. (2/2015)
159 Exit Scanning
This is an overview of SoaT, with some ideas for how to integrate
it into Tor. (5/2011)
164 Reporting the status of server votes
This proposal explains a way for authorities to provide a
slightly more verbose document that relay operators can use to
diagnose reasons that their router was or was not listed in the
consensus. These documents would be like slightly more verbose
versions of the authorities' votes, and would explain *why* the
authority voted as it did. It wouldn't be too hard to
implement, and would be a fine project for somebody who wants
to get to know the directory code. (5/2011)
165 Easy migration for voting authority sets
This is a design for how to change the set of authorities without
having a flag day where the authority operators all reconfigure
their authorities at once. It needs more discussion. One
difficulty here is that we aren't talking much about changing the
set of authorities, but that may be a chicken-and-egg issue, since
changing the set is so onerous.
If anybody is interested, it would be great to move the discussion
ahead here. (5/2011)
168 Reduce default circuit window
This proposal reduces the default window for circuit sendme
cells. I think it's implemented (or mostly implemented) in
0.2.1.20? If so, we should make sure that tor-spec.txt is
updated and close it. (11/2013)
172 GETINFO controller option for circuit information
173 GETINFO Option Expansion
These would help controllers (particularly arm) provide more
useful information about a running Tor process. They're
accepted and some parts of 173 are even implemented: somebody
just needs to implement the rest. (5/2011)
175 Automatically promoting Tor clients to nodes
Here's Steven's proposal for adding a mode between "client
mode" and "relay mode" for "self-test to see if you would be a
good relay, and if so become one." It didn't get enough
attention when it was posted to the list; more people should
review it. (5/2011)
177 Abstaining from votes on individual flags
Here's my proposal for letting authorities have opinions about some
(flag,router) combinations without voting on whether _every_ router
should have that flag. It's simple, and I think it's basically
right. With more discussion and review, somebody could/should
build it, I think. (11/2013)
182 Credit Bucket
This proposal suggests an alternative approach to our current
token-bucket based rate-limiting, that promises better
performance, less buffering insanity, and a possible end to
double-gating issues. (6/2012)
185 Directory caches without DirPort
The old HTTP directory port feature is no longer used by
clients and relays under most circumstances. The proposal
explains how we can get rid of the requirement that non-bridge
directories have an open directory port. (6/2012)
188 Bridge Guards and other anti-enumeration defenses
This proposal suggests some ways to make it harder for a relay
on the Tor network to enumerate a list of Tor bridges. Worth
investigating and possibly implementing. (6/2012)
189 AUTHORIZE and AUTHORIZED cells
190 Bridge Client Authorization Based on a Shared Secret [NEEDS-REVISION]
191 Bridge Detection Resistance against MITM-capable Adversaries
Proposal 187 reserved the AUTHORIZE cell type; these
proposals suggests how it could work to try to make it
harder to probe for Tor bridges. They need more alternatives
and attention, and possibly some revision and analysis.
Number 190 needs revision, since its protocol isn't actually
so great. (11/2013)
192 Automatically retrieve and store information about bridges
This proposal gives an enhancement to the bridge information
protocol, where clients remember more things about bridges, and
are able to update what they know about them over time. Could
help a lot with bridge churn. (6/2012)
194 Mnemonic .onion URLs
Here's one of several competing "let's make .onion URLs
human-usable" proposals. This one makes sentences using a
fixed map. This kind of approach is likely to obsoleted if
we go ahead with current plans for hidden services that
would make .onion addresses much longer, though. (11/2013)
195 TLS certificate normalization for Tor 0.2.4.x
Here's the followup to proposal 179, containing all the parts
of proposal 179 that didn't get built, and a couple of other
tricks besides to try to make Tor's default protocol less
detectable. I'm pretty psyched about the part where we let
relays drop in any any self-signed or CA-issued certificate
that they like. Some of this is done in ticket #7145;
we should decide, however, how much we want to push towards
normalizing the main Tor protocol. Some of the NSA documents
published in Der Spiegel this past December imply that this kind of
fingerprinting can be helpful for snoops; we should take another
look at it. (2/2015)
196 Extended ORPort and TransportControlPort
Here are some remaining pieces of the pluggable transport
protocol that give Tor finer control over the behavior of
its transports. Much of this is implemented in 0.2.5
now; we should figure out what's left, and whether we want
to build that. (11/2013)
197 Message-based Inter-Controller IPC Channel
This proposal is for an architectural enhancement in Tor
deployments, where Tor coordinates communications between the
various programs (Vidalia, TorBrowser, etc) that are using
it. (6/2012)
199 Integration of BridgeFinder and BridgeFinderHelper
Here's a proposal for how Tor can integrate with a client
program that finds bridges for it. I've seen some work being
done on things called "BridgeFinder"; I don't know what the
status of the current proposal is, though. (11/2013)
201 Make bridges report statistics on daily v3 network status requests
Here's a proposal for bridges to better estimate the number of
bridge users. (6/2012)
202 Two improved relay encryption protocols for Tor cells
Here's a sketch of the two broad classes of alternatives for
improving how relay encryption works. Right now, progress on
this proposal is stalled waiting for the ideal wide-block
construction to come along the line. (11/2013)
203 Avoiding censorship by impersonating an HTTPS server
This one is a design for making a bridge that acts like an
HTTPS server (by *being* an HTTPS server) until the user
proves they know it's a bridge. (11/2013)
209 Tuning the Parameters for the Path Bias Defense
In this proposal, Mike discusses alternative parameters for
getting better result out of the path-bias-attack detection
code. (11/2013)
210 Faster Headless Consensus Bootstrapping
This proposal suggests that we get our initial consensus by
launching multiple connections in parallel, and fetching the
consensus from whichever one completes. In my opinion, that
would be a fine idea when we're fetching our initial
consensus from non-Authority DirSources, but we shouldnt' do
anything to increase the load on authorities. (11/2013)
211 Internal Mapaddress for Tor Configuration Testing
Here, the idea is to serve an XML document over HTTP that
would let the know when it's using Tor. The XML document
would be returned when you make a request over Tor for a
magic address in 127.0.0.0/8. I think we need to do
_something_to solve this problem, but I'm not thrilled with
the idea of having any more magical addresses like this; we
got rid of .noconnect for a reason, after all. (11/2013)
212 Increase Acceptable Consensus Age
This proposal suggests that we increase the maximum age of a
consensus that clients are willing to use when they can't
find a new one, in order to make the network robust for
longer against a failure to reach consensus. In my
opinion, we should do that. If I recall correctly, there
was some tor-dev discussion on this one that should get
incorporated into a final, implementable version. (11/2013)
219 Support for full DNS and DNSSEC resolution in Tor
Here's a design to allow Tor to support a full range of DNS
request types. It probably isn't adequate on its to make
DNSSEC work realistically, since naive DNSSEC requires many
round trips that wouldn't be practical over Tor. It has a
ton of inline discussion that needs to get resolved before
this is buildable.
One thing to consider here is whether we can get the server-side
done with reasonable confidence, and figure out the client side
once more servers have upgraded. (12/2013)
220 Migrate server identity keys to Ed25519
v
This one is a design to migrate server identity keys to
Ed25519 for improved security margin. It needs more analysis of
long-term migration to other signing key types -- what do we do
if we want to add support for EdDSA over Curve3617 or something?
Can we make it easier than this? And it also needs analysis to
make sure it enables us to eventually drop RSA1024 keys
entirely.
I've started building this in #12498, though, so we'd better figure
out out fairly soon. Other proposals, like 224, depend on this
one. (2/2015)
223 Ace: Improved circuit-creation key exchange
Here's an interesting one. It proposes a replacement for the
ntor handshake, using the multi-exponentiation optimization, to
run a bit faster at an equivalent security level.
Assuming that more cryptographers like the security proof, and
that the ntor handshake winds up being critical-path in profiles
as more clients upgrade to 0.2.4 or 0.2.5, this is something we
should consider. (12/2013)
224 Next-Generation Hidden Services in Tor
This proposal outlines a more or less completely revised version
of the Tor hidden services protocol, improved to accomodate
better cryptography, better scalability, and defenses for
several attacks we'd never considered when we did the original
design.
Some parts of this one are clearly right; some (like
scalability) are entirely unwritten. This proposal needs a lot
of attention and improvements to get it done right. I hope to
implement this over the course of 2015-2016. (2/2015)
225 Strawman proposal: commit-and-reveal shared rng
Proposal 224's solutions for bug #8244 require that authorities
regularly agree upon a shared random value which none of them
could have influenced or predicted in advance. This proposal
outlines a simple one that isn't perfect (it's vulnerable to DOS
and to limited influence by one or more collaborating hostile
authorities), but it's quite simple, and it's meant to start
discussion.
I hope that we never build this, but instead replace it with
something better. Some alternatives have already been discussed
on tor-dev; more work is needed, though. (12/2013)
226 Scalability and Stability Improvements to BridgeDB:
Switching to a Distributed Database System and RDBMS
This one outlines design and behavior changes for a seriously
refactored bridgedb. (2/2014)
228 Cross-certifying identity keys with onion keys
This proposal signs each server's identity key with its onion
keys, to prove onion key ownership in the router descriptor.
It's not clear that this actually improves security, but it
fixes an annoying gap in our key authentication. I have it coded
up in my #12498 branch, targetting 0.2.7. (2/2015)
229 Further SOCKS5 extensions
Here's a nice idea for how we can support a new SOCKS5 protocol
extension to relay information between clients and Tor, and
between Tor and pluggable transports, more effectively. It
also adds some additional SOCKS5 error codes. There are some
open questions to answer. "Trunnel" has an implementation of
the protocol extension formats in its examples directory. (2/2015)
230 How to change RSA1024 relay identity keys [DRAFT]
231 Migrating authority RSA1024 identity keys [DRAFT]
Who remembers the OpenSSL "Heartbleed" vulnerability?
These proposals I wrote try to explain safer mechanisms for a bunch
of servers to migrate their RSA1024 identity keys at once. I'm not
sure we'll be able to build thee, though: implementating proposal
220 above seems cleverer to me. (2/2015)
232 Pluggable Transport through SOCKS proxy [OPEN]
Arturo Filastà wrote this proposal for chaining pluggable
transports which themselves need to go through proxies. Seems
potentially useful! (2/2015)
233 Making Tor2Web mode faster [OPEN]
This one by Virgil, Fabio, and Giovanni describes a couple of ways
that Tor2Web builds of Tor can save some circuit hops that they use
today. Potentially useful for Tor2Web; any implementation needs to
be sure that it never changes the behavior of non-tor2web clients.
(2/2015)
234 Adding remittance field to directory specification [OPEN]
Virgil, Leif, and Rob added this proposal for relays to specify
payment addresses for schemes that want to compensate relay
operators for their use of bandwidth. (2/2015)
235 Stop assigning (and eventually supporting) the Named flag [DRAFT]
This proposal is about removing the Named flag. (Thanks to
Sebastian Hahn for writing it!) The rationale is that the naming
system for relays never worked particularly well, and it had
strange and hard-to-explain security properties. We've implemented
the key part of this already: directory authorities don't assign
the Named flag any longer. Next up will be removing client support
for parsing and understanding it. (2/2015)
236 The move to a single guard node [OPEN]
This proposal suggests that to limit client fingerprinting, and to
limit opportunities for attacks, clients should use a single guard
node, rotated infrequently. This transition is in progress; we use
a single guard node for circuit traffic now, but in order to make
guards more long-lived, we need to adjust how they are chosen.
George has a patch for that as #9321, targetting inclusion into
0.2.6. (Thanks to George Kadianakis and Nicholas Hopper for
writing this one.) (2/2015)
237 All relays are directory servers [OPEN]
Matthew Finkel wrote this proposal to describe a transition to a
world where Tor relays can be directory servers without having an
open DirPort -- and eventually, where every relay can be a
DirServer. He has an implementation, possibly for 0.2.6 or 0.2.7,
in ticket #12538. (2/2015)
238 Better hidden service stats from Tor relays [DRAFT]
Here's an important one that needs many eyes. George Kadianakis,
David Goulet, Karsten Loesing, and Aaron Johnson wrote this to
describe a mechanism for the tor network to securely produce
aggregate hidden service usage statistics without exposing
sensitive intermediate results. This has an implementation in
0.2.6 and should probably be marked closed. (2/2015)
239 Consensus Hash Chaining [DRAFT]
Here's the start of a good idea that Andrea Shepard wrote up (with
some help from Nick). The idea is to make it hard even for a set
of corrupt authorities (or authority-key-thieves) to make a
personalized false consensus for a target user, by authenticating
the whole sequence as a hash chain. Others on tor-dev suggested
improvements and had good questions (thanks, Leif and Sebastian G!)
(2/2015)
240 Early signing key revocation for directory authorities [DRAFT]
This one is another Andrea+Nick collaboration about certificate
revocation for our most sensitive keys. If an authority key needs
to be replaced, it would be great to take the old one out of
circulation as fast as possible. Peter Palfrader on tor-dev had
some ideas for making this better. (2/2015)
241 Resisting guard-turnover attacks [DRAFT]
I wrote this one with good ideas from Aaron Johnson and Rob
Jansen. It describes a way to respond to an important class of
attacks where an adversary kills off a targeted user's guards until
the user has chosen a guard the attacker controls. (See the
"Sniper Attack") paper. The defense is tricky, and if not done
right, might lead clients to kick themselves off the network out of
paranoia. So, this proposal could use more analysis. (2/2015)
Since last time:
Proposal 140 and 227 have been implemented and closed.
Proposal 215 was implemented and closed
Proposals 230 through 241 are new.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev