aboutsummaryrefslogtreecommitdiff
path: root/doc/TODO
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2006-01-10 22:05:31 +0000
committerNick Mathewson <nickm@torproject.org>2006-01-10 22:05:31 +0000
commit89db1be56c240aa21aafeea026d9ba91c68ce8f8 (patch)
tree67f32191895837c41e2f5c77f780524c2807345d /doc/TODO
parent4ac471a38a2a840e414e469025d060a32ed56fc3 (diff)
downloadtor-89db1be56c240aa21aafeea026d9ba91c68ce8f8.tar.gz
tor-89db1be56c240aa21aafeea026d9ba91c68ce8f8.zip
remove some completed items from the TODO
svn:r5779
Diffstat (limited to 'doc/TODO')
-rw-r--r--doc/TODO140
1 files changed, 8 insertions, 132 deletions
diff --git a/doc/TODO b/doc/TODO
index 3bc339c7f8..2b6e337b8e 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -37,56 +37,17 @@ for 0.1.1.x:
N - if they're trying to be a tor server and they're running
win 98 or win me, give them a message talking about The Bug.
- o update 'exitlist' script to handle new dir format.
- o state_description in config.c has gone stale
+R . Rename 'helper' to 'guard'.
- . Helper nodes
- . More testing and debugging
- o If your helper nodes are unavailable, don't abandon them unless
- other nodes *are* reachable.
- o Make EntryNodes and StrictEntrynodes do what we want.
+N - Display the reasons in 'destroy' and 'truncated' cells under some
+ circumstances?
-N . Destroy and truncated cells should have reasons.
- o Specify
- o Implement
- - Display the reasons under some circumstances?
-
-N . Only use a routerdesc if you recognize its hash.
- o (Must defer till dirservers are upgraded to latest code, which
- actually generates these hashes.)
- . Of course, authdirservers must not do this.
- o If we have a routerdesc for Bob, and he says, "I'm 0.1.0.x", don't
- fetch a new one if it was published in the last 2 hours.
- X Don't, actually. This is the authorities' job to straighten out.
- o Do not ask for any routers until we have 2 networkstatuses.
+N . Directory changes
. Client side:
- o Keep a record of which hash is most desirable for each router inside
- local_routerstatus_t.
- o If any hash is listed by two or more networkstatuses, the most
- recent such hash is most desirable.
- o Otherwise, the most recent is desirable.
- o Once we've accepted a router, it's okay.
- o Do not accept a router that no networkstatus lists. (This should maybe
- get stricter.)
- o Download by descriptor digest.
- o Reset failure count to zero when hash changes.
- . Test
- - Do we want to rate-limit downloads of each identity?
- . Mirrors and authorities:
- o Every time we hear a new networkstatus, we want every hash it lists.
- o Make sure that we are always willing to keep at least N routerinfos
- per router, where N = number of authorities.
- o Do whatever else is needed to be sure that we don't request
- hashes that would be immediately discarded, or discard hashes
- that would be immediately re-requested.
- o Only fetch routerinfo from an authority that mentions is.
- o Only ask each authority once.
- o Retry soon after failure.
- o We need one bit per routerstatus for "should we download from
- this guy."
- - Verify that we are actually storing retained old descriptors to our
- cache.
- - Test.
+ - Do we want to rate-limit downloads of each identity, or do something
+ else to download even less?
+ - Do we want to refrain from downloading non-running or non-verified
+ descriptors? This is potentially dangerous.
- Non-directories don't need to keep descriptors in memory.
R - Christian Grothoff's attack of infinite-length circuit.
@@ -110,7 +71,6 @@ R - clients prefer to avoid exit nodes for non-exit path positions.
- the tor client can do the "automatic proxy config url" thing?
-
Deferred from 0.1.1.x:
- Automatically determine what ports are reachable and start using
@@ -121,7 +81,6 @@ N - Should router info have a pointer to routerstatus?
- We should at least do something about the duplicated fields.
N . Additional controller features
- o Find a way to make event info more extensible
- change circuit status events to give more details, like purpose,
whether they're internal, when they become dirty, when they become
too dirty for further circuits, etc.
@@ -153,87 +112,18 @@ N - Specify and implement it.
- cpu fixes:
- see if we should make use of truncate to retry
- o hardware accelerator support (configure engines.)
- o hardware accelerator support (use instead of aes.c when reasonable)
- - Benchmark this somehow to see whether using EVP_foo is slower in the
- non-engine case than AES_foo. If so, check for AES engine and fall
- back to AES_foo when it's not found.
R - kill dns workers more slowly
. Directory changes
- o recommended-versions for client / server ?
. Some back-out mechanism for auto-approval
- o dirservers have blacklist of IPs and keys they hate
- a way of rolling back approvals to before a timestamp
- Consider minion-like fingerprint file/log combination.
- - Decentralization
- o Dirservers publish compressed network-status objects.
- o Support retrieving several-at-once
- o Everyone downloads network-status objects
- o Clients: from all directories, round-robin
- o Basic implementation: disable until 0.1.1.x is out.
- o On failure, mark trusted_dir_server as having failed
- o Retry, up to a point.
- X Launch retry immediately on failure.
- o Parse them
- o Cache them, reload on restart
- o Serve cached directories
- o Directories expose individual descriptors
- X By 'if-newer-than' (Does the spec require this??)
- o Support compression.
- o Alice acts on network-status objects
- o Alice downloads descriptors as needed.
- o Figure out what's needed
- o Store it
- o Implement store
- o Implement reload-from-store
- o Store downloaded descriptors
- o Download it
- o As-needed if we have 2 network-status objs.
- o Download "all" if we have less than 2 network-status objs.
- (This has vulnerabilities if we're not careful)
- o Call directory_has_arrived as needed; rename it.
- o Set has_fetched_directory properly.
- o Retry descriptors on failure
- o Give up after a while.
- - But try again after a long while (???)
- o Check software versions according to some sane plan.
- - Warn again after 24 hours.
- o Alice sets descriptor status from network-status
- o Implement
- o Use
- o Routerdesc download changes
- o Refactor combined-status to be its own type.
- o Change rule from "do not launch new connections when one exists" to
- "do not request any fingerprint that we're currently requesting."
- o Launch connections every minute, or whenever a download fails
- o Retry failed routerdescs after 0, 1, 5, 10 minutes.
- o Mirrors retry harder and more often. (0, 0, 1, 1, 2, 5, and 15)
- o Reset failure count every 60 minutes
- o Drop fallback to download-all. Also, always split download.
- o Use has_fetched_directory sanely, whatever that means.
- o Downgrade new directory events from notice to info
- o Call dirport_is_reachable from somewhere else.
- o Networkstatus should list who's an authority.
- o Add nickname element to dirserver line. Log this along with IP:Port.
- o Warn when using non-default directory servers.
- o When giving up on a non-finished dir request, log how many bytes
- dropped, to see whether it's worthwhile to use partial info.
-
- config option to publish what ports you listen on, beyond
ORPort/DirPort. It should support ranges and bit prefixes (?) too.
- Parse this.
- Relay this in networkstatus.
- X Make authorities rate-limit logging their complaints about given
- servers?
- o All versions of Tor should get cosmetic changes rate-limited.
- o Pick directories from networkstatus objects, not from routerlist.
- o But! We can't do this easily, since we want to know about platform,
- and networkstatus doesn't tell us Tor version. Can we solve this?
- Should we do it by adding flags to networkstatus or what?
-
- packaging and ui stuff:
. multiple sample torrc files
- uninstallers
@@ -251,11 +141,6 @@ N - Vet all pending installer patches
- unrecommend IE because of ftp:// bug.
- torrc.complete.in needs attention?
- o Dump "ports" from routerparse?
-
- o Let more config options (e.g. ORPort) change dynamically.
- o Add TTLs to DNS-related replies, and use them (when present) to adjust
- addressmap values.
- Bind to random port when making outgoing connections to Tor servers,
to reduce remote sniping attacks.
- Have new people be in limbo and need to demonstrate usefulness
@@ -283,18 +168,11 @@ N - Vet all pending installer patches
- Make it harder to circumvent bandwidth caps: look at number of bytes
sent across sockets, not number sent inside TLS stream.
- o Research memory use on Linux: what's happening?
- X Is it threading? (Maybe, maybe not)
- X Is it the buf_shrink bug? (Quite possibly)
- o Instrument the 0.1.1 code to figure out where our memory is going;
- apply the results. (all platforms?)
-
- Make router_is_general_exit() a bit smarter once we're sure what it's for.
- Directory "helper".
- rewrite how libevent does select() on win32 so it's not so very slow.
- o enclaves (at least preliminary)
- Write limiting; separate token bucket for write
- Audit everything to make sure rend and intro points are just as likely to
be us as not.
@@ -335,8 +213,6 @@ Blue-sky:
- Implement Morphmix, so we can compare its behavior, complexity, etc.
- Other transport. HTTP, udp, rdp, airhook, etc. May have to do our own
link crypto, unless we can bully openssl into it.
- o Conn key rotation (we switch to a new one after a week, but
- old circuits don't get any benefit from this).
- Need a relay teardown cell, separate from one-way ends.
(Pending a user who needs this)
- Handle half-open connections: right now we don't support all TCP