summaryrefslogtreecommitdiff
path: root/doc/TODO
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2008-04-09 02:15:37 +0000
committerNick Mathewson <nickm@torproject.org>2008-04-09 02:15:37 +0000
commit95488380db87925ee8c7de46075d5342f121aa40 (patch)
treea448534df8ddb98067163f1b0e74c2bf52ca7c6f /doc/TODO
parentfaa7484f4304caca84e4ddb2289f98f93c9bd351 (diff)
downloadtor-95488380db87925ee8c7de46075d5342f121aa40.tar.gz
tor-95488380db87925ee8c7de46075d5342f121aa40.zip
r19256@catbus: nickm | 2008-04-08 22:15:27 -0400
Take some of the unsorted 0.2.1.x items (mostly added by arma), and sort them. Remove some that we did already, or that are already duplicated by proposals or other TODO items. svn:r14326
Diffstat (limited to 'doc/TODO')
-rw-r--r--doc/TODO197
1 files changed, 94 insertions, 103 deletions
diff --git a/doc/TODO b/doc/TODO
index c8093a0ac1..2ad135e89d 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -216,6 +216,9 @@ R - Merge into tor-spec.txt.
N - document the "3/4 and 7/8" business in the clients fetching consensus
documents timeline.
R - then document the bridge user download timeline.
+ - HOWTO for DNSPort. See tup's wiki page.
+ . Document transport and natdport in a good HOWTO.
+ - Quietly document NT Service options: revise (or create) FAQ entry
=======================================================================
@@ -235,6 +238,16 @@ For 0.2.1.x:
- Eliminate use of v2 networkstatus documents in v3 authority
decision-making.
- Draft proposal for GeoIP aggregation (see external constraints *)
+ - Separate Guard flags for "pick this as a new guard" and "keep this
+ as an existing guard". First investigate if we want this.
+
+ - Tiny designs to write:
+ - Better estimate of clock skew; has anonymity implications. Clients
+ should estimate their skew as median of skew from servers over last
+ N seconds, but for servers this is not so easy, since a server does
+ not choose who it connects to.
+ - Do TLS connection rotation more often than "once a week" in the
+ extra-stable case.
- Items to backport to 0.2.0.x-rc once solved in 0.2.1.x:
R - Figure out the autoconf problem with adding a fallback consensus.
@@ -243,81 +256,109 @@ W - figure out license
- Use less RAM *
- Optimize cell pool allocation.
+ - Support (or just always use) jemalloc
+ - mmap more files.
- Handle multi-core cpus better
- Use information from NETINFO cells
- Don't extend a circuit over a noncanonical connection with
mismatched address.
- Learn our outgoing IP address from netinfo cells?
- Learn skew from netinfo cells?
- - Better test coverage
+ - Testing
+ - Better unit test coverage
+ - Refactor unit tests into multiple files
+ - Verify that write limits to linked connections work.
- Use more mid-level and high-level libevent APIs
+ - For dns?
+ - For http?
+ - For buffers?
- Emulate NSS better:
- Normalized cipher lists *
- Normalized lists of extensions *
+ - Tool improvements:
+ - Get a "use less buffer ram" patch into openssl.
+ - Get IOCP patch into libevent
+ - Feature removals and deprecations:
+ - Get rid of the v1 directory stuff (making, serving, and caching)
+ - First verify that the caches won't flip out?
+ - If they will, just stop the caches from caching for now
+ - perhaps replace it with a "this is a tor server" stock webpage.
+ - The v2dir flag isn't used for anything anymore, right? If so, dump it.
+ - Even clients run rep_hist_load_mtbf_data(). Does this waste memory?
+ Dump it?
+ - Unless we start using ftime functions, dump them.
+ - can we deprecate 'getinfo network-status'?
+ - can we deprecate the FastFirstHopPK config option?
+ - Can we deprecate controllers that don't use both features?
Nice to have for 0.2.1.x:
- Better support for private networks: figure out what is hard, and
make it easier.
+ - Documentation
+P - Make documentation realize that location of system configuration file
+ will depend on location of system defaults, and isn't always /etc/torrc.
-Planned for 0.2.1.x:
- - Refactoring:
- . Make cells get buffered on circuit, not on the or_conn.
- . Switch to pool-allocation for cells?
-N - Benchmark pool-allocation vs straightforward malloc.
-N - Adjust memory allocation logic in pools to favor a little less
- slack memory.
- . Remove socketpair-based bridges conns, and the word "bridge". (Use
- shared (or connected) buffers for communication, rather than sockets.)
- . Implement
-N - Handle rate-limiting on directory writes to linked directory
- connections in a more sensible manner.
- Nick thinks he did this already?
-N - Find more ways to test this.
- (moria doesn't rate limit, so testing on moria not so good.)
+ - Windows build
+P - Figure out why dll's compiled in mingw don't work right in WinXP.
+P - create a "make win32-bundle" for vidalia-privoxy-tor-torbutton bundle
- - Documentation
- - HOWTO for DNSPort. See tup's wiki page.
- . Document transport and natdport in a good HOWTO.
-N - Quietly document NT Service options: revise (or create) FAQ entry
-
-P - Make documentation realize that location of system configuration file
- will depend on location of system defaults, and isn't always /etc/torrc.
-P - Figure out why dll's compiled in mingw don't work right in WinXP.
-P - create a "make win32-bundle" for vidalia-privoxy-tor-torbutton bundle
-
- - Things that have been bugging Nick
- - Make better use of multi-core machines: Do AES crypto and
- compression in worker threads
- - Maybe use jemalloc from freebsd via firefox 3, once its windows
- and osx ports are more mature.
- - MMap the cached-descriptors.new file as well as the regular ones
- - Actually use SSL_shutdown to close our TLS connections.
+ - Refactor bad code:
- Refactor the HTTP logic so the functions aren't so large.
- - Get a "use less buffer ram" patch into openssl.
- - Get IOCP patch into libevent
- - Use libevent's evdns code where applicable.
- Refactor buf_read and buf_write to have sensible ways to return
error codes after partial writes
- - Improve unit test coverage
- - Logging domains.
+ - Router_choose_random_node() has a big pile of args. make it "flags".
+ - Streamline how we pick entry nodes: Make choose_random_entry() have
+ less magic and less control logic.
+
+ - Make Tor able to chroot itself
+ o allow it to load an entire config file from control interface
+ - document LOADCONF
+ - log rotation (and FD passing) via control interface
+ - chroot yourself, including inhibit trying to read config file
+ and reopen logs, unless they are under datadir.
+
+
+ - Should be trivial:
+ - Base relative control socket paths (and other stuff in torrc) on datadir.
+ - Tor logs the libevent version on startup, for debugging purposes.
+ This is great. But it does this before configuring the logs, so
+ it only goes to stdout and is then lost.
+ - Make TrackHostExits expire TrackHostExitsExpire seconds after their
+ *last* use, not their *first* use.
+ - enforce a lower limit on MaxCircuitDirtiness and CircuitBuildTimeout.
+ - Make 'safelogging' extend to info-level logs too.
+
+ - Interface for letting SOAT modify flags that authorities assign.
+
+Later, unless people want to implement them now:
+ - Actually use SSL_shutdown to close our TLS connections.
+ - Polipo vs Privoxy
+ - switch out privoxy in the bundles and replace it with polipo.
+ - Consider creating special Tor-Polipo-Vidalia test packages,
+ requested by Dmitri Vitalev (does torbrowser meet this need?)
+ - Include "v" line in networkstatus getinfo values.
+ - Let tor dir mirrors proxy connections to the tor download site, so
+ if you know a bridge you can fetch the tor software.
+
+Can anybody remember why we wanted to do this and/or what it means?
+ - config option __ControllerLimit that hangs up if there are a limit
+ of controller connections already.
+ - configurable timestamp granularity. defaults to 'seconds'.
+
+
+* * * *
- - get rid of the v1 directory stuff (making, serving, and caching).
- - perhaps replace it with a "this is a tor server" stock webpage.
- - the v2dir flag isn't used for anything anymore. right?
- - even clients run rep_hist_load_mtbf_data(). this wastes memory.
- steven's plan for replacing check.torproject.org with a built-in
answer by tor itself.
- a status event for when tor decides to stop fetching directory info
if the client hasn't clicked recently: then make the onion change too.
-
- bridge communities with local bridge authorities:
- clients who have a password configured decide to ask their bridge
authority for a networkstatus
- be able to have bridges that aren't in your torrc. save them in
state file, etc.
-N - router_choose_random_node() has a big pile of args. make it "flags".
- Consider if we can solve: the Tor client doesn't know what flags
its bridge has (since it only gets the descriptor), so it can't
make decisions based on Fast or Stable.
@@ -327,38 +368,7 @@ N - router_choose_random_node() has a big pile of args. make it "flags".
something, we will immediately use the old descriptors we've got,
while we try fetching the newer descriptors?
related to bug 401.
- . Finish path-spec.txt
- - More prominently, we should have a recommended apps list.
- - recommend pidgin (gaim is renamed)
- - unrecommend IE because of ftp:// bug.
- - we should add a preamble to tor-design saying it's out of date.
- - Refactor networkstatus generation:
- - Include "v" line in getinfo values.
- - config option __ControllerLimit that hangs up if there are a limit
- of controller connections already.
- - Features (other than bridges):
- - Audit how much RAM we're using for buffers and cell pools; try to
- trim down a lot.
- - Base relative control socket paths on datadir.
- - Make TrackHostExits expire TrackHostExitsExpire seconds after their
- *last* use, not their *first* use.
- - switch out privoxy in the bundles and replace it with polipo.
- - Consider creating special Tor-Polipo-Vidalia test packages,
- requested by Dmitri Vitalev (does torbrowser meet this need?)
- Create packages for Nokia 800, requested by Chris Soghoian
- - mirror tor downloads on (via) tor dir caches
- . spec
- - deploy
- - interface for letting soat modify flags that authorities assign
- . spec
- - proposal 118 if feasible and obvious
- - Maintain a skew estimate and use ftime consistently.
- - Tor logs the libevent version on startup, for debugging purposes.
- This is great. But it does this before configuring the logs, so
- it only goes to stdout and is then lost.
- - Deprecations:
- - can we deprecate 'getinfo network-status'?
- - can we deprecate the FastFirstHopPK config option?
- Bridges:
. Bridges users (rudimentary version)
. Ask all directory questions to bridge via BEGIN_DIR.
@@ -369,43 +379,18 @@ N - router_choose_random_node() has a big pile of args. make it "flags".
d Limit to 2 dir, 2 OR, N SOCKS connections per IP.
- Or maybe close connections from same IP when we get a lot from one.
- Or maybe block IPs that connect too many times at once.
- - Do TLS connection rotation more often than "once a week" in the
- extra-stable case.
- - Streamline how we pick entry nodes: Make choose_random_entry() have
- less magic and less control logic.
- when somebody uses the controlport as an http proxy, give them
a "tor isn't an http proxy" error too like we do for the socks port.
- we try to build 4 test circuits to break them over different
servers. but sometimes our entry node is the same for multiple
test circuits. this defeats the point.
- - enforce a lower limit on MaxCircuitDirtiness and CircuitBuildTimeout.
- - configurable timestamp granularity. defaults to 'seconds'.
- - consider making 'safelogging' extend to info-level logs too.
- - consider whether a single Guard flag lets us distinguish between
- "was good enough to be a guard when we picked it" and "is still
- adequate to be used as a guard even after we've picked it". We should
- write a real proposal for this.
- - make the new tls handshake blocking-resistant.
- o figure out some way to collect feedback about what countries are using
- bridges, in a way that doesn't screw anonymity too much.
- - let tor dir mirrors proxy connections to the tor download site, so
- if you know a bridge you can fetch the tor software.
- more strategies for distributing bridge addresses in a way that
doesn't rely on knowing somebody who runs a bridge for you.
- A way to adjust router status flags from the controller. (How do we
prevent the authority from clobbering them soon afterward?)
- Bridge authorities should do reachability testing but only on the
purpose==bridge descriptors they have.
- - Clients should estimate their skew as median of skew from servers
- over last N seconds.
- - Start on the WSAENOBUFS solution.
- - Stuff that weasel wants:
- - Make Tor able to chroot itself
- o allow it to load an entire config file from control interface
- - document LOADCONF
- - log rotation (and FD passing) via control interface
- - chroot yourself, including inhibit trying to read config file
- and reopen logs, unless they are under datadir.
+
Deferred from 0.2.0.x:
- Proposals
@@ -689,6 +674,7 @@ Documentation, non-version-specific.
- Mark up spec; note unclear points about servers
NR - write a spec appendix for 'being nice with tor'
- Specify the keys and key rotation schedules and stuff
+ . Finish path-spec.txt
- Mention controller libs someplace.
- Remove need for HACKING file.
- document http://wiki.noreply.org/noreply/TheOnionRouter/TransparentProxy on freebsd and osx
@@ -721,7 +707,13 @@ I - add a page for localizing all tor's components.
work. Right now, we don't give a lot of guidance wrt
torbutton/foxproxy/privoxy/polipo in any consistent place.
P - create a 'blog badge' for tor fans to link to and feature on their
- blogs. A sample can be found at http://interloper.org/tmp/tor/tor-button.png
+ blogs. A sample is at http://interloper.org/tmp/tor/tor-button.png
+ - More prominently, we should have a recommended apps list.
+ - recommend pidgin (gaim is renamed)
+ - unrecommend IE because of ftp:// bug.
+ - Addenda to tor-design
+ - we should add a preamble to tor-design saying it's out of date.
+ - we should add an appendix or errata on what's changed.
- Tor mirrors
- make a mailing list with the mirror operators
@@ -736,4 +728,3 @@ P - create a 'blog badge' for tor fans to link to and feature on their
- ponder how to get users to learn that they should google for
"tor mirrors" if the main site is blocked.
- find a mirror volunteer to coordinate all of this
-