summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2005-09-21 04:02:54 +0000
committerNick Mathewson <nickm@torproject.org>2005-09-21 04:02:54 +0000
commitf411dd8d3a6a20d92d700db2d5c78c2f4de759f4 (patch)
tree462afd1af9495bda1f6ecc4f2c3792e9cd1f34a3
parent72915546cde4bbab7683c9cb526fb36b19ada982 (diff)
downloadtor-f411dd8d3a6a20d92d700db2d5c78c2f4de759f4.tar.gz
tor-f411dd8d3a6a20d92d700db2d5c78c2f4de759f4.zip
Move items from meeting into dir-spec and TODO.
svn:r5102
-rw-r--r--doc/TODO39
-rw-r--r--doc/dir-spec.txt19
2 files changed, 48 insertions, 10 deletions
diff --git a/doc/TODO b/doc/TODO
index 64506fb494..570bf2ec6d 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -132,7 +132,7 @@ R - check reachability as soon as you hear about a new server
o Directories expose individual descriptors
X By 'if-newer-than' (Does the spec require this??)
o Support compression.
-N - Alice acts on network-status objects
+ o Alice acts on network-status objects
o Alice downloads descriptors as needed.
o Figure out what's needed
o Store it
@@ -148,16 +148,45 @@ N - Alice acts on network-status objects
o Retry descriptors on failure
o Give up after a while.
- But try again after a long while (???)
- - Check software versions according to some sane plan.
+ o Check software versions according to some sane plan.
+ - Warn again after 24 hours.
o Alice sets descriptor status from network-status
o Implement
o Use
+N - Routerdesc download changes
+ - Refactor combined-status to be its own type.
+ - Change rule from "do not launch new connections when one exists" to
+ "do not request any fingerprint that we're currently requesting."
+ - Launch connections every minute, or whenever a download fails
+ - Retry failed routerdescs after 0, 1, 5, 10 minutes.
+ - Mirrors retry harder and more often.
+ - Reset failure count every 60 minutes
+ - Only use a routerdesc if you recognize its hash.
+ - Must defer till dirservers are upgraded to latest.
+ - Of course, authdirservers must not do this.
+ - Should directory mirrors do something else entirely?
+ - Use has_fetched_directory sanely, whatever that means.
+ - What *does* that mean?
+ - If we have a routerdesc for Bob, and he says, "I'm 0.1.0.x", don't
+ fetch a new one if it was published in the last 2 hours.
+ - How does this interact with the 'recognized hash' rule?
+ - Drop fallback to download-all. Also, always split download.
+ - Downgrade new directory events from notice to info
+ - Clients should estimate their skew as median of skew from directory
+ connections over last N seconds.
- Call dirport_is_reachable from somewhere else.
-
+ - Networkstatus should list who's an authority.
+ - Add nickname element to dirserver line. Log this along with IP:Port.
+ - Warn when using non-default directory servers.
+ - When giving up on a non-finished dir request, log how many bytes
+ dropped, to see whether it's worthwhile to use partial info.
- Security
- Alices avoid duplicate class C nodes.
- Analyze how bad the partitioning is or isn't.
+ - Make authorities rate-limit logging their complaints about given
+ servers?
+
N . Naming and validation:
o Separate naming from validation in authdirs.
o Authdirs need to be able to decline to validate based on
@@ -165,6 +194,8 @@ N . Naming and validation:
o Authdirs need to be able to decline to include baased on
IP range and key.
o Not all authdirs name.
+ - Change naming rule: N->K iff any naming authdir says N->K,
+ and none says N->K' or N'->K.
- Clients choose names based on network-status options.
- Names are remembered in client state
- Okay to have two valid servers with same nickname, but not
@@ -195,6 +226,8 @@ Reach (deferrable) items for 0.1.1.x:
- Instrument the 0.1.1 code to figure out where our memory is going;
apply the results. (all platforms?)
+ - Make router_is_general_exit() a bit smarter once we're sure what it's for.
+
For 0.1.1.x, if we can figure out how:
- rewrite how libevent does select() on win32 so it's not so very slow.
o enclaves (at least preliminary)
diff --git a/doc/dir-spec.txt b/doc/dir-spec.txt
index ecfcf506e9..1c3247ea0d 100644
--- a/doc/dir-spec.txt
+++ b/doc/dir-spec.txt
@@ -335,11 +335,9 @@ $Id$
fails and we have no directory connections fetching routerdescs.
TODO Specify here:
- - Retry-on-failure.
- - When to 0-out failure count for routerdesc?
- When to 0-out failure count for networkstatus?
- - Fallback to download-all.
+ - Drop fallback to download-all. Also, always split download.
- For versions: if you're listed by more than half of live versioning
networkstatuses, good. if less than half of networkstatuses are live,
@@ -359,12 +357,19 @@ $Id$
- Describe when router is "out of date". (Any dirserver says so.)
- - Warn when using non-default directory servers.
+ - Change rule from "do not launch new connections when one exists" to
+ "do not request any fingerprint that we're currently requesting."
- - When giving up on a non-finished dir request, log how many bytes
- dropped.
+ - Launch new connections every minute, plus whenever a download fails.
+ - Reset routerdesc failure count after 60 minutes, or when
+ when network comes back on after absence.
+ - Make "I didn't get the one I thought was most recent" a failure.
+ - Retry these every 5 minutes if you're a client.
+ - Mirrors should retry these harder and more often.
+ - If we have a routerdesc for Bob, and he says, "I'm 0.1.0.x", don't
+ fetch a new one if it was published in the last 2 hours. (??)
- -
+
6. Remaining issues