mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 15:43:32 +01:00
Revise the first two (big) changelog entries
This commit is contained in:
Nick Mathewson
parent
990e15689f
commit
1efe822acc
101
ChangeLog
101
ChangeLog
@ -2,64 +2,77 @@ Changes in version 0.3.2.1-alpha - 2017-09-18
|
|||||||
Tor 0.3.2.1-alpha is the first release in the 0.3.2.x series. It
|
Tor 0.3.2.1-alpha is the first release in the 0.3.2.x series. It
|
||||||
includes support for our next-generation ("v3") onion service
|
includes support for our next-generation ("v3") onion service
|
||||||
protocol, and adds a new circuit scheduler for more responsive
|
protocol, and adds a new circuit scheduler for more responsive
|
||||||
forwarding decisions from relays. There are also numerous other
|
forwarding decisions from relays. There are also numerous other small
|
||||||
small features and bugfixes here.
|
features and bugfixes here.
|
||||||
|
|
||||||
Below are the changes since Tor 0.3.1.7.
|
Below are the changes since Tor 0.3.1.7.
|
||||||
|
|
||||||
o Major feature (scheduler, channel):
|
o Major feature (scheduler, channel):
|
||||||
- Introducing the KIST scheduler which stands for Kernel Informed
|
- Clients and relays now use new schedulers to decide which circuits
|
||||||
Socket Transport. It is only available on Linux systems. This
|
should deliver cells first. The first type is called "KIST"
|
||||||
comes from a researched and published paper you can find
|
("Kernel Informed Socket Transport"), and is only available on
|
||||||
here: http://www.robgjansen.com/publications/kist-sec2014.pdf
|
Linux-like systems: it uses feedback from the kernel to prevent
|
||||||
https://arxiv.org/abs/1709.01044 This is also a major refactoring
|
the kernel's TCP buffers from growing too full. The second new
|
||||||
of the entire scheduler subsystem in order for it to be more
|
scheduler type is called "KISTLite": it behaves the same as KIST,
|
||||||
modular and thus much more easier to add more scheduler type
|
but runs on systems without kernel support for inspecting TCP
|
||||||
later. The current scheduler has been named "Vanilla" but we favor
|
implementation details. The old scheduler is still available,
|
||||||
KIST if available in this version. A new torrc option has been
|
under the name "Vanilla". To change the default scheduler
|
||||||
added and named "Schedulers type1,type2,..." which allows a user
|
preference order, use the new "Schedulers" option. (The default
|
||||||
to select which scheduler type it wants tor to use. It is also
|
preference order is "KIST,KISTLite,Vanilla".)
|
||||||
possible to change it at runtime. It is an ordered list by
|
|
||||||
priority. KIST might not be available on all platforms so there is
|
Matt Traudt implemented KIST, based on research by Rob Jansen,
|
||||||
a fallback to "KISTLite" that uses the same mechanisms but without
|
John Geddes, Christ Wacek, Micah Sherr, and Paul Syverson. For
|
||||||
the kernel support. The current default values are: Schedulers
|
more information, see the design paper at
|
||||||
KIST,KISTLite,Vanilla. Closes ticket 12541.
|
http://www.robgjansen.com/publications/kist-sec2014.pdf and the
|
||||||
|
followup implementation paper at https://arxiv.org/abs/1709.01044.
|
||||||
|
Closes ticket 12541.
|
||||||
|
|
||||||
o Major features (next-generation onion services):
|
o Major features (next-generation onion services):
|
||||||
- Tor now supports the next-generation onion services protocol for
|
- Tor now supports the next-generation onion services protocol for
|
||||||
clients and services! As part of this release, the core of
|
clients and services! As part of this release, the core of
|
||||||
proposal 224 has been implemented and is available for
|
proposal 224 has been implemented and is available for
|
||||||
experimentation and testing by our users. This newer version of
|
experimentation and testing by our users. This newer version of
|
||||||
onion services (v3) features various improvements over the legacy
|
onion services ("v3") features many improvements over the legacy
|
||||||
system: a) Better crypto (replaced SHA1/DH/RSA1024 with
|
system, including:
|
||||||
SHA3/ed25519/curve25519) b) Improved directory protocol leaking
|
|
||||||
less to directory servers. c) Improved directory protocol with
|
a) Better crypto (replaced SHA1/DH/RSA1024
|
||||||
smaller surface for targeted attacks. d) Better onion address
|
with SHA3/ed25519/curve25519)
|
||||||
security against impersonation. e) More extensible
|
|
||||||
introduction/rendezvous protocol. f) A cleaner and more modular
|
b) Improved directory protocol, leaking much less information to
|
||||||
codebase. Furthermore, as part of this update, onion addresses
|
directory servers.
|
||||||
increase in length and are now 56 characters long:
|
|
||||||
4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion In
|
c) Improved directory protocol, with smaller surface for
|
||||||
the future, we will be releasing more options and features but we
|
targeted attacks.
|
||||||
first need a testing period, so that the current codebase matures
|
|
||||||
and becomes more robust. Here are some of the features we have
|
d) Better onion address security against impersonation.
|
||||||
planned: 1) Offline keys for onion services 2) Advanced client
|
|
||||||
authorization for onion services 3) Improved guard algorithm for
|
e) More extensible introduction/rendezvous protocol.
|
||||||
onion services 4) Next-gen onion service statistics Please see our
|
|
||||||
proposal for more details:
|
f) A cleaner and more modular codebase.
|
||||||
https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt
|
|
||||||
The default version for onion services remains v2 (the legacy
|
You can identify a next-generation onion address by its length:
|
||||||
system) until this new codebase gets tested and hardened. Service
|
they are56 characters long, as in
|
||||||
operators who want to experiment with the new system can use the
|
"4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion".
|
||||||
'HiddenServiceVersion 3' torrc directive along with the regular
|
|
||||||
onion service configuration options. We will publish a blog post
|
In the future, we will release more options and features for v3
|
||||||
about this new feature soon! Enjoy!
|
onion services, but we first need a testing period, so that the
|
||||||
|
current codebase matures and becomes more robust. Planned features
|
||||||
|
include: offline keys, advanced client authorization, improved
|
||||||
|
guard algorithms, and statistics. For full details, see
|
||||||
|
proposal 224.
|
||||||
|
|
||||||
|
Legacy ("v2") onion services will still work for the forseeable
|
||||||
|
future, and will remain the default until this new codebase gets
|
||||||
|
tested and hardened. Service operators who want to experiment with
|
||||||
|
the new system can use the 'HiddenServiceVersion 3' torrc
|
||||||
|
directive along with the regular onion service configuration
|
||||||
|
options. We will publish a blog post about this new feature
|
||||||
|
soon! Enjoy!
|
||||||
|
|
||||||
o Major bugfixes (usability, control port):
|
o Major bugfixes (usability, control port):
|
||||||
- Report trusted clock skew indications as bootstrap errors, so
|
- Report trusted clock skew indications as bootstrap errors, so
|
||||||
controllers can more easily alert users when their clocks are
|
controllers can more easily alert users when their clocks are
|
||||||
wrong. Fixes bug 23506; bugfix
|
wrong. Fixes bug 23506; bugfix on 0.1.2.6-alpha.
|
||||||
on 0.1.2.6-alpha.
|
|
||||||
|
|
||||||
o Minor features (bug detection):
|
o Minor features (bug detection):
|
||||||
- Log a warning message, with stack trace, for any attempt to call
|
- Log a warning message, with stack trace, for any attempt to call
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user