From c7537ae8be7203799b4eb4c9ac3a356915c310b8 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 12 Feb 2008 04:45:11 +0000 Subject: r18043@catbus: nickm | 2008-02-11 23:45:07 -0500 Update TODO with TLS progress. svn:r13478 --- doc/TODO | 27 +++++---------------------- 1 file changed, 5 insertions(+), 22 deletions(-) (limited to 'doc') diff --git a/doc/TODO b/doc/TODO index 8d8859f0ab..463b83b8f4 100644 --- a/doc/TODO +++ b/doc/TODO @@ -60,32 +60,15 @@ R - then document the bridge user download timeline. N - Before the feature freeze: - 105+TLS, if possible. . TLS backend work - - New list of ciphers for clients - o Servers detect new ciphers, and only send ID cert when they - get an older cipher list, and only request client cert when - they get an older cipher list. - . Clients only send certificates when asked for them. - o Implement - - Enable - o Servers disable callback once negotiation is finished, so - that renegotiation happens according to the old rules. - o Clients initiate renegotiation immediately on completing - a v2 connection. - o Servers detect renegotiation, and if there is now a client - cert, they adust the client ID. - o Detect. - o Adjust. - o Better cname and organizationName generation. - o New revised handshake: post-TLS: - o start by sending VERSIONS cells - o once we have a version, send a netinfo and become open - o Ban most cell types on a non-OPEN connection. + . Enable. - Test o Verify version negotiation on client - - Verify version negotiation on server - . Verify that client->server connection becomes open + o Verify version negotiation on server + o Verify that client->server connection becomes open - Verify that server->server connection becomes open and authenticated. + - Verify that initiator sends no cert in first stage of TLS + handshake. - NETINFO fallout - Don't extend a circuit over a noncanonical connection with mismatched address. -- cgit v1.2.3-54-g00ecf
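Review bot: The hunk drops the still-open item "- New list of ciphers for clients" without marking it done, so after this change the TODO no longer records whether the client cipher-list work finished or was abandoned; the sibling items that were removed all carried "o" (done), while this one carried "-". Suggest either flipping it to "o" before pruning it, or keeping the line under the ". TLS backend work" heading alongside ". Enable." so the partial status is still visible. The new test item "- Verify that initiator sends no cert in first stage of TLS handshake." reads well as the verification counterpart of the removed ". Clients only send certificates when asked for them." item, but since that implementation line is gone it would help to word the new test as the check it is meant to confirm (initiator certificate withheld until requested), so a later reader of the TODO knows what behaviour is being tested.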