From d84a97fb41832cf58d7d5be279f8c0cfec3033d5 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Mon, 14 Jan 2013 18:46:32 -0500 Subject: finish poking at the changelog --- ChangeLog | 49 ++++++++++++++++++++++++++++--------------------- changes/geoip-jan2013 | 3 --- 2 files changed, 28 insertions(+), 24 deletions(-) delete mode 100644 changes/geoip-jan2013 diff --git a/ChangeLog b/ChangeLog index 03ed90752a..b6fe5bf84d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,13 +1,18 @@ Changes in version 0.2.4.8-alpha - 2013-01-14 + Tor 0.2.4.8-alpha introduces directory guards to reduce user enumeration + risks, adds a new stronger and faster circuit handshake, and offers + stronger and faster link encryption when both sides support it. o Major features: - Preliminary support for directory guards (proposal 207): when possible, clients now use their entry guards for non-anonymous directory requests. This can help prevent client enumeration. Note that this behavior only works when we have a usable consensus - directory: and when options about what to download are more or - less standard. Resolves ticket 6526. - - Tor servers and clients now support a better CREATE/EXTEND cell + directory, and when options about what to download are more or less + standard. In the future we should re-bootstrap from our guards, + rather than re-bootstrapping from the preconfigured list of + directory sources that ships with Tor. Resolves ticket 6526. + - Tor relays and clients now support a better CREATE/EXTEND cell format, allowing the sender to specify multiple address, identity, and handshake types. Implements Robert Ransom's proposal 200; closes ticket 7199. @@ -16,7 +21,7 @@ Changes in version 0.2.4.8-alpha - 2013-01-14 - Tor now supports a new circuit extension handshake designed by Ian Goldberg, Douglas Stebila, and Berkant Ustaoglu. Our original circuit extension handshake, later called "TAP", was a bit slow - (especially on the server side), had a fragile security proof, and + (especially on the relay side), had a fragile security proof, and used weaker keys than we'd now prefer. The new circuit handshake uses Dan Bernstein's "curve25519" elliptic-curve Diffie-Hellman function, making it significantly more secure than the older @@ -35,30 +40,31 @@ Changes in version 0.2.4.8-alpha - 2013-01-14 Implements proposal 216; closes ticket 7202. o Major features (better link encryption): - - Servers can now enable the ECDHE TLS ciphersuites when available - and appropriate. These ciphersuites let us negotiate forward- - secure TLS secret keys more safely and more efficiently than with - our previous use of Diffie-Hellman modulo a 1024-bit prime. - By default, public servers prefer the (faster) P224 group, and - bridges prefer the (more common) P256 group; you can override this - with the TLSECGroup option. + - Relays can now enable the ECDHE TLS ciphersuites when available + and appropriate. These ciphersuites let us negotiate forward-secure + TLS secret keys more safely and more efficiently than with our + previous use of Diffie-Hellman modulo a 1024-bit prime. By default, + public relays prefer the (faster) P224 group, and bridges prefer + the (more common) P256 group; you can override this with the + TLSECGroup option. Enabling these ciphers was a little tricky, since for a long time, clients had been claiming to support them without actually doing so, in order to foil fingerprinting. But with the client-side implementation of proposal 198 in 0.2.3.17-beta, clients can now match the ciphers from recent Firefox versions *and* list the - ciphers they actually mean, so servers can believe such clients + ciphers they actually mean, so relays can believe such clients when they advertise ECDHE support in their TLS ClientHello messages. This feature requires clients running 0.2.3.17-beta or later, and requires both sides to be running OpenSSL 1.0.0 or later with ECC support. OpenSSL 1.0.1, with the compile-time option - "enable-ec_nistp_64_gcc_128", is highly recommended. Implements - the server side of proposal 198; closes ticket 7200. + "enable-ec_nistp_64_gcc_128", is highly recommended. + + Implements the relay side of proposal 198; closes ticket 7200. o Major bugfixes: - - Avoid crashing when, as a node without IPv6-exit support, a + - Avoid crashing when, as a relay without IPv6-exit support, a client insists on getting an IPv6 address or nothing. Fixes bug 7814; bugfix on 0.2.4.7-alpha. @@ -68,13 +74,14 @@ Changes in version 0.2.4.8-alpha - 2013-01-14 upon the number of hop-RTTs that a particular circuit type undergoes. Additionally, launch intro circuits in parallel if they timeout, and take the first one to reply as valid. - - Work correctly on unix systems where EAGAIN and EWOULDBLOCK are - separate error codes--or at least, don't break for that reason. + - Work correctly on Unix systems where EAGAIN and EWOULDBLOCK are + separate error codes; or at least, don't break for that reason. Fixes bug 7935. Reported by "oftc_must_be_destroyed". + - Update to the January 2 2013 Maxmind GeoLite Country database. o Minor features (testing): - Add benchmarks for DH (1024-bit multiplicative group) and ECDH - (P-256) diffie-hellman handshakes to src/or/bench. + (P-256) Diffie-Hellman handshakes to src/or/bench. - Add benchmark functions to test onion handshake performance. o Minor features (path bias detection): @@ -100,14 +107,14 @@ Changes in version 0.2.4.8-alpha - 2013-01-14 point, to avoid roundoff error and other issues. - Only record path bias information for circuits that have completed *two* hops. Assuming end-to-end tagging is the attack vector, this - makes us more resilient to ambient circuit failure without any + makes us more resilient to ambient circuit failure without any detection capability loss. - o Minor bugfixes: + o Minor bugfixes (log messages): - Rate-limit the "No circuits are opened. Relaxed timeout for a circuit with channel state open..." message to once per hour to keep it from filling the notice logs. Mitigates bug 7799 but does - not fix the underlying cause. Bugfix on 0.2.4.7-alpha. + not fix the underlying cause. Bugfix on 0.2.4.7-alpha. - Avoid spurious warnings when configuring multiple client ports of which only some are nonlocal. Previously, we had claimed that some were nonlocal when in fact they weren't. Fixes bug 7836; bugfix on diff --git a/changes/geoip-jan2013 b/changes/geoip-jan2013 deleted file mode 100644 index 45e5a150cc..0000000000 --- a/changes/geoip-jan2013 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the January 2 2013 Maxmind GeoLite Country database. - -- cgit v1.2.3-54-g00ecf