Legend:
SPEC!!  - Not specified
SPEC    - Spec not finalized
NICK    - nick claims
ARMA    - arma claims
        - Not done
        * Top priority
        . Partially done
        o Done
        D Deferred
        X Abandoned

        . Use a stronger cipher
          o 3des for now
          - aes when everybody has openssl 0.9.7
        . Topics / circuits
          o Implement topics
          o Rotate circuits after N minutes?
          X Circuits should expire when circuit->expire triggers
NICK    . Handle half-open connections
          - Figure out what causes connections to close, standardize
            when we mark a connection vs when we tear it down
        o Look at what ssl does to keep from mutating data streams
        X On the fly compression of each stream
        o Clean up the event loop (optimize and sanitize)
ARMA    o Remove that awful concept of 'roles'
ARMA    . Exit policies
          o Spec how to write the exit policies
        - Path selection algorithms
          - Let user request certain nodes
          - And disallow certain nodes
          D Choose path by jurisdiction, etc?
        - Rewrite how the AP works
SPEC!!  D Non-clique topologies
        D Implement our own memory management, at least for common structs
        . Appropriate logging
          - Come up with convention for what log level means what
          - Make code follow convention
        o Terminology
          o Circuits, topics, cells stay named that
          o 'Connection' gets divided, or renamed, or something?
        . DNS farm
          o Distribute queries onto the farm, get answers
          o Preemptively grow a new worker before he's needed
          - Prune workers when too many are idle
          - DNS cache
            - Clear DNS cache over time
            - Honor DNS TTL info
          - Have strategy when all workers are busy
          o Keep track of which connections are in dns_wait
          o Need to cache positives/negatives on the tor side
          o Keep track of which queries have been asked
          . Better error handling when
            . An address doesn't resolve
            - We have max workers running
          - Consider taking the master out of the loop?
        . Directory servers
          D Automated reputation management
          . Include key in source; sign directories
            o Signed directory backend
            o Document
ARMA        - Integrate
          - Add versions to code
NICK      . Have directories list recommended-versions
            o Include (unused) line in directories
            o Check for presence of line.
            - Quit if running the wrong version
            - Command-line option to override quit
          . Add more information to directory server entries
            o Exit policies
            D jurisdiction? others?
SPEC!!    D Figure out how to do threshold directory servers
        . Scrubbing proxies
          - Find an smtp proxy?
            - Check the old smtp proxy code
          o Find an ftp proxy? wget --passive
          D Wait until there are packet redirectors for Linux
        . Get socks4a support into Mozilla
        . Get tor to act like a socks server
          o socks4, socks4a
          - socks5
SPEC!!    - Handle socks commands other than connect, eg, bind?
        - Develop rendezvous points
          D Implement reply onions
        D Deploy and manage open source development site.
        . Documentation
          o Discussion of socks, tsocks, etc
          o On-the-network protocol
          o Onions
          o Cells
          . Better comments for functions!
        - Tests
          o Testing harness/infrastructure
NICK      . Unit tests
          D System tests (how?)
          - Performance tests, so we know when we've improved
            . webload infrastructure (Bruce)
            . httperf infrastructure (easy to set up)
            . oprofile (installed in RH 8.0)
        D Deploy a widespread network
        . Router twins
          o Choose twin if primary is down, when laying circuit
          D Load balancing between twins
          - Keep track of load over links/nodes, to
            know who's hosed
NICK    - Daemonize and package
          o Teach it to fork and background
          - Red Hat spec file
          - Debian spec file equivalent
        . Autoconf
          . Which .h files are we actually using? Port to:
            o Linux
            o BSD
            . Solaris
            . Windows
NICK        . OS X
              - openssl randomness
              - inet_ntoa, stdint.h
        - Make a script to set up a local network on your machine
        D Move away from openssl
          o Abstract out crypto calls
          D Look at nss, others? Just include code?
        . transition addr to sin_addr (huh?)
        . Clean up the number of places that get to look at prkey
        . Clearer bandwidth management
          - Total rate limiting
        . Look at OR handshake in more detail
          o Spec it
          o Merge OR and OP handshakes
          - rearrange connection_or so it doesn't suck so much to read
          D Periodic link key rotation. Spec?
        - More flexibility in node addressing
          D Support IPv6 rather than just 4
          - Handle multihomed servers (config variable to set IP)
        . Move from onions to ephemeral DH
          o incremental path building
          o transition circuit-level sendmes to hop-level sendmes
          - implement truncate, truncated
          o move from 192byte DH to 128byte DH, so it isn't so damn slow
          - exiting from not-last hop
            - OP logic to decide to extend/truncate a path
            - make sure exiting from the not-last hop works
            - logic to find last *open* hop, not last hop, in cpath
          - choose exit nodes by exit policies
        o wrap malloc with something that explodes when it fails