-rw-r--r-- | doc/TODO | 197 |
1 files changed, 94 insertions, 103 deletions
@@ -216,6 +216,9 @@ R - Merge into tor-spec.txt. N - document the "3/4 and 7/8" business in the clients fetching consensus documents timeline. R - then document the bridge user download timeline. + - HOWTO for DNSPort. See tup's wiki page. + . Document transport and natdport in a good HOWTO. + - Quietly document NT Service options: revise (or create) FAQ entry ======================================================================= @@ -235,6 +238,16 @@ For 0.2.1.x: - Eliminate use of v2 networkstatus documents in v3 authority decision-making. - Draft proposal for GeoIP aggregation (see external constraints *) + - Separate Guard flags for "pick this as a new guard" and "keep this + as an existing guard". First investigate if we want this. + + - Tiny designs to write: + - Better estimate of clock skew; has anonymity implications. Clients + should estimate their skew as median of skew from servers over last + N seconds, but for servers this is not so easy, since a server does + not choose who it connects to. + - Do TLS connection rotation more often than "once a week" in the + extra-stable case. - Items to backport to 0.2.0.x-rc once solved in 0.2.1.x: R - Figure out the autoconf problem with adding a fallback consensus. 
@@ -243,81 +256,109 @@ W - figure out license - Use less RAM * - Optimize cell pool allocation. + - Support (or just always use) jemalloc + - mmap more files. - Handle multi-core cpus better - Use information from NETINFO cells - Don't extend a circuit over a noncanonical connection with mismatched address. - Learn our outgoing IP address from netinfo cells? - Learn skew from netinfo cells? - - Better test coverage + - Testing + - Better unit test coverage + - Refactor unit tests into multiple files + - Verify that write limits to linked connections work. - Use more mid-level and high-level libevent APIs + - For dns? + - For http? + - For buffers? - Emulate NSS better: - Normalized cipher lists * - Normalized lists of extensions * + - Tool improvements: + - Get a "use less buffer ram" patch into openssl. + - Get IOCP patch into libevent + - Feature removals and deprecations: + - Get rid of the v1 directory stuff (making, serving, and caching) + - First verify that the caches won't flip out? + - If they will, just stop the caches from caching for now + - perhaps replace it with a "this is a tor server" stock webpage. + - The v2dir flag isn't used for anything anymore, right? If so, dump it. + - Even clients run rep_hist_load_mtbf_data(). Does this waste memory? + Dump it? + - Unless we start using ftime functions, dump them. + - can we deprecate 'getinfo network-status'? + - can we deprecate the FastFirstHopPK config option? + - Can we deprecate controllers that don't use both features? Nice to have for 0.2.1.x: - Better support for private networks: figure out what is hard, and make it easier. + - Documentation +P - Make documentation realize that location of system configuration file + will depend on location of system defaults, and isn't always /etc/torrc. -Planned for 0.2.1.x: - - Refactoring: - . Make cells get buffered on circuit, not on the or_conn. - . Switch to pool-allocation for cells? -N - Benchmark pool-allocation vs straightforward malloc. 
-N - Adjust memory allocation logic in pools to favor a little less - slack memory. - . Remove socketpair-based bridges conns, and the word "bridge". (Use - shared (or connected) buffers for communication, rather than sockets.) - . Implement -N - Handle rate-limiting on directory writes to linked directory - connections in a more sensible manner. - Nick thinks he did this already? -N - Find more ways to test this. - (moria doesn't rate limit, so testing on moria not so good.) + - Windows build +P - Figure out why dll's compiled in mingw don't work right in WinXP. +P - create a "make win32-bundle" for vidalia-privoxy-tor-torbutton bundle - - Documentation - - HOWTO for DNSPort. See tup's wiki page. - . Document transport and natdport in a good HOWTO. -N - Quietly document NT Service options: revise (or create) FAQ entry - -P - Make documentation realize that location of system configuration file - will depend on location of system defaults, and isn't always /etc/torrc. -P - Figure out why dll's compiled in mingw don't work right in WinXP. -P - create a "make win32-bundle" for vidalia-privoxy-tor-torbutton bundle - - - Things that have been bugging Nick - - Make better use of multi-core machines: Do AES crypto and - compression in worker threads - - Maybe use jemalloc from freebsd via firefox 3, once its windows - and osx ports are more mature. - - MMap the cached-descriptors.new file as well as the regular ones - - Actually use SSL_shutdown to close our TLS connections. + - Refactor bad code: - Refactor the HTTP logic so the functions aren't so large. - - Get a "use less buffer ram" patch into openssl. - - Get IOCP patch into libevent - - Use libevent's evdns code where applicable. - Refactor buf_read and buf_write to have sensible ways to return error codes after partial writes - - Improve unit test coverage - - Logging domains. + - Router_choose_random_node() has a big pile of args. make it "flags". 
+ - Streamline how we pick entry nodes: Make choose_random_entry() have + less magic and less control logic. + + - Make Tor able to chroot itself + o allow it to load an entire config file from control interface + - document LOADCONF + - log rotation (and FD passing) via control interface + - chroot yourself, including inhibit trying to read config file + and reopen logs, unless they are under datadir. + + + - Should be trivial: + - Base relative control socket paths (and other stuff in torrc) on datadir. + - Tor logs the libevent version on startup, for debugging purposes. + This is great. But it does this before configuring the logs, so + it only goes to stdout and is then lost. + - Make TrackHostExits expire TrackHostExitsExpire seconds after their + *last* use, not their *first* use. + - enforce a lower limit on MaxCircuitDirtiness and CircuitBuildTimeout. + - Make 'safelogging' extend to info-level logs too. + + - Interface for letting SOAT modify flags that authorities assign. + +Later, unless people want to implement them now: + - Actually use SSL_shutdown to close our TLS connections. + - Polipo vs Privoxy + - switch out privoxy in the bundles and replace it with polipo. + - Consider creating special Tor-Polipo-Vidalia test packages, + requested by Dmitri Vitalev (does torbrowser meet this need?) + - Include "v" line in networkstatus getinfo values. + - Let tor dir mirrors proxy connections to the tor download site, so + if you know a bridge you can fetch the tor software. + +Can anybody remember why we wanted to do this and/or what it means? + - config option __ControllerLimit that hangs up if there are a limit + of controller connections already. + - configurable timestamp granularity. defaults to 'seconds'. + + +* * * * - - get rid of the v1 directory stuff (making, serving, and caching). - - perhaps replace it with a "this is a tor server" stock webpage. - - the v2dir flag isn't used for anything anymore. right? 
- - even clients run rep_hist_load_mtbf_data(). this wastes memory. - steven's plan for replacing check.torproject.org with a built-in answer by tor itself. - a status event for when tor decides to stop fetching directory info if the client hasn't clicked recently: then make the onion change too. - - bridge communities with local bridge authorities: - clients who have a password configured decide to ask their bridge authority for a networkstatus - be able to have bridges that aren't in your torrc. save them in state file, etc. -N - router_choose_random_node() has a big pile of args. make it "flags". - Consider if we can solve: the Tor client doesn't know what flags its bridge has (since it only gets the descriptor), so it can't make decisions based on Fast or Stable. 
@@ -327,38 +368,7 @@ N - router_choose_random_node() has a big pile of args. make it "flags". something, we will immediately use the old descriptors we've got, while we try fetching the newer descriptors? related to bug 401. - . Finish path-spec.txt - - More prominently, we should have a recommended apps list. - - recommend pidgin (gaim is renamed) - - unrecommend IE because of ftp:// bug. - - we should add a preamble to tor-design saying it's out of date. - - Refactor networkstatus generation: - - Include "v" line in getinfo values. - - config option __ControllerLimit that hangs up if there are a limit - of controller connections already. - - Features (other than bridges): - - Audit how much RAM we're using for buffers and cell pools; try to - trim down a lot. - - Base relative control socket paths on datadir. - - Make TrackHostExits expire TrackHostExitsExpire seconds after their - *last* use, not their *first* use. - - switch out privoxy in the bundles and replace it with polipo. - - Consider creating special Tor-Polipo-Vidalia test packages, - requested by Dmitri Vitalev (does torbrowser meet this need?) - Create packages for Nokia 800, requested by Chris Soghoian - - mirror tor downloads on (via) tor dir caches - . spec - - deploy - - interface for letting soat modify flags that authorities assign - . spec - - proposal 118 if feasible and obvious - - Maintain a skew estimate and use ftime consistently. - - Tor logs the libevent version on startup, for debugging purposes. - This is great. But it does this before configuring the logs, so - it only goes to stdout and is then lost. - - Deprecations: - - can we deprecate 'getinfo network-status'? - - can we deprecate the FastFirstHopPK config option? - Bridges: . Bridges users (rudimentary version) . Ask all directory questions to bridge via BEGIN_DIR. 
@@ -369,43 +379,18 @@ N - router_choose_random_node() has a big pile of args. make it "flags". d Limit to 2 dir, 2 OR, N SOCKS connections per IP. - Or maybe close connections from same IP when we get a lot from one. - Or maybe block IPs that connect too many times at once. - - Do TLS connection rotation more often than "once a week" in the - extra-stable case. - - Streamline how we pick entry nodes: Make choose_random_entry() have - less magic and less control logic. - when somebody uses the controlport as an http proxy, give them a "tor isn't an http proxy" error too like we do for the socks port. - we try to build 4 test circuits to break them over different servers. but sometimes our entry node is the same for multiple test circuits. this defeats the point. - - enforce a lower limit on MaxCircuitDirtiness and CircuitBuildTimeout. - - configurable timestamp granularity. defaults to 'seconds'. - - consider making 'safelogging' extend to info-level logs too. - - consider whether a single Guard flag lets us distinguish between - "was good enough to be a guard when we picked it" and "is still - adequate to be used as a guard even after we've picked it". We should - write a real proposal for this. - - make the new tls handshake blocking-resistant. - o figure out some way to collect feedback about what countries are using - bridges, in a way that doesn't screw anonymity too much. - - let tor dir mirrors proxy connections to the tor download site, so - if you know a bridge you can fetch the tor software. - more strategies for distributing bridge addresses in a way that doesn't rely on knowing somebody who runs a bridge for you. - A way to adjust router status flags from the controller. (How do we prevent the authority from clobbering them soon afterward?) - Bridge authorities should do reachability testing but only on the purpose==bridge descriptors they have. - - Clients should estimate their skew as median of skew from servers - over last N seconds. 
- - Start on the WSAENOBUFS solution. - - Stuff that weasel wants: - - Make Tor able to chroot itself - o allow it to load an entire config file from control interface - - document LOADCONF - - log rotation (and FD passing) via control interface - - chroot yourself, including inhibit trying to read config file - and reopen logs, unless they are under datadir. + Deferred from 0.2.0.x: - Proposals @@ -689,6 +674,7 @@ Documentation, non-version-specific. - Mark up spec; note unclear points about servers NR - write a spec appendix for 'being nice with tor' - Specify the keys and key rotation schedules and stuff + . Finish path-spec.txt - Mention controller libs someplace. - Remove need for HACKING file. - document http://wiki.noreply.org/noreply/TheOnionRouter/TransparentProxy on freebsd and osx @@ -721,7 +707,13 @@ I - add a page for localizing all tor's components. work. Right now, we don't give a lot of guidance wrt torbutton/foxproxy/privoxy/polipo in any consistent place. P - create a 'blog badge' for tor fans to link to and feature on their - blogs. A sample can be found at http://interloper.org/tmp/tor/tor-button.png + blogs. A sample is at http://interloper.org/tmp/tor/tor-button.png + - More prominently, we should have a recommended apps list. + - recommend pidgin (gaim is renamed) + - unrecommend IE because of ftp:// bug. + - Addenda to tor-design + - we should add a preamble to tor-design saying it's out of date. + - we should add an appendix or errata on what's changed. - Tor mirrors - make a mailing list with the mirror operators @@ -736,4 +728,3 @@ P - create a 'blog badge' for tor fans to link to and feature on their - ponder how to get users to learn that they should google for "tor mirrors" if the main site is blocked. - find a mirror volunteer to coordinate all of this - |
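Review bot: in the @@ -216,6 +216,9 @@ hunk, the relocated line "- Quietly document NT Service options: revise (or create) FAQ entry" no longer carries the "N" owner marker that the removed copy ("-N - Quietly document NT Service options") had in the @@ -243,81 +256,109 @@ hunk. If the item is still assigned, keep the marker on the new line; if it is being unassigned on purpose, say so in the commit message so the change is not read as an accident of the move.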
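Review bot: in the @@ -235,6 +238,16 @@ hunk, the new clock-skew entry states that it "has anonymity implications" without saying which ones, and the server case stops at "this is not so easy" with no next step. Since the entry sits under "Tiny designs to write", add a line naming the concern the design has to answer, so whoever picks it up knows what is being asked. The Guard-flag entry above it also replaces the old "We should write a real proposal for this" (removed in the @@ -369,43 +379,18 @@ hunk) with "First investigate if we want this"; consider keeping the proposal step as a sub-item.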
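Review bot: in the @@ -243,81 +256,109 @@ hunk, "Can we deprecate controllers that don't use both features?" has no antecedent: the two lines before it name a getinfo key and a config option, not two controller features, so the question cannot be answered as written. Name the two features explicitly. In the same hunk the function name is capitalized as "Router_choose_random_node()", which no longer matches the identifier "router_choose_random_node()" on the removed line, so a grep for the function will miss this entry; keep the lowercase spelling. The new "Verify that write limits to linked connections work" also drops the old remark that moria does not rate limit, which is worth keeping next to the test item.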
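Review bot: in the @@ -327,38 +368,7 @@ hunk, "- proposal 118 if feasible and obvious" is deleted and no "+" line elsewhere in the patch picks it up, so the item disappears from the TODO rather than being moved. The ". spec" in-progress markers under the soat interface and dir-cache mirroring entries are also lost, because both entries come back as plain "-" items in the @@ -243,81 +256,109 @@ hunk. If these are dropped on purpose, mention it in the commit message; otherwise carry the item and the status markers over.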
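Review bot: in the @@ -369,43 +379,18 @@ hunk, "- make the new tls handshake blocking-resistant" and "- Start on the WSAENOBUFS solution" are removed with no matching "+" line anywhere in the patch, while most other removals in this hunk reappear under the new "Tiny designs", "Should be trivial" or "Later" headings. Either move these two under "Later, unless people want to implement them now" or note in the commit message that they are done or abandoned, so a reorganization commit does not silently drop open work.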