add a few todo items, move some around, answer nick's questions

svn:r14327
This commit is contained in:
Roger Dingledine 2008-04-09 04:32:01 +00:00
parent 95488380db
commit 7519a473da

View File

@ -132,6 +132,8 @@ Nick
- Finish buffer stuff in libevent; start using it in Tor.
- Tors start believing the contents of NETINFO cells.
- Get a "use less buffer ram" patch into openssl.
- Work with Steven and Roger to decide which parts of Paul's project
he wants to work on.
Matt
- Fit Vidalia in 640x480 again.
@ -164,6 +166,7 @@ Steven
- Keep bugging us about exploits on the .exit notation.
- If relays have 100KB/s but set relaybandwidthrate to 10KB/s, do your
interference attacks still work?
- Mike's question #3 on https://www.torproject.org/volunteer#Research
Andrew
- Which bundles include Torbutton? Change the docs/tor-doc-foo pages
@ -173,12 +176,12 @@ Andrew
include Torbutton, they still say it's tor.eff.org, etc.
- Should we still be telling you how to use Safari on OS X for Tor,
given all the holes that Torbutton-dev solves on Firefox?
- Get Google excited about our T&Cs.
Karsten
. Make a hidden services explanation page with the hidden service
diagrams. See img/THS-[1-6].png. These need some text to go along
with them though, so people can follow what's going on.
- Roger should review these
- We should consider a single config option TorPrivateNetwork that
turns on all the config options for running a private test tor
network. having to keep updating all the tools, and the docs,
@ -196,6 +199,8 @@ Weasel
Roger:
. Fix FAQ entry on setting up private Tor network
- Review Karsten's hidden service diagrams
- Prepare the 0.2.0.x Release Notes.
=======================================================================
@ -240,6 +245,14 @@ For 0.2.1.x:
- Draft proposal for GeoIP aggregation (see external constraints *)
- Separate Guard flags for "pick this as a new guard" and "keep this
as an existing guard". First investigate if we want this.
- Figure out how to make good use of the fallback consensus file. Right
now many of the addresses in the fallback consensus will be stale,
so it will take dozens of minutes to bootstrap from it. This is a
bad first Tor experience. But if we check the fallback consensus
file *after* we fail to connect to any authorities, then it may
still be valuable as a blocking-resistance step.
- Patch our tor.spec rpm package so it knows where to put the fallback
consensus file.
- Tiny designs to write:
- Better estimate of clock skew; has anonymity implications. Clients
@ -249,10 +262,9 @@ For 0.2.1.x:
- Do TLS connection rotation more often than "once a week" in the
extra-stable case.
- Items to backport to 0.2.0.x-rc once solved in 0.2.1.x:
R - Figure out the autoconf problem with adding a fallback consensus.
R - add a geoip file
W - figure out license
- Items to backport to 0.2.0.x once solved in 0.2.1.x:
R - add a geoip file *
W - figure out license *
- Use less RAM *
- Optimize cell pool allocation.
@ -276,8 +288,8 @@ W - figure out license
- Normalized cipher lists *
- Normalized lists of extensions *
- Tool improvements:
- Get a "use less buffer ram" patch into openssl.
- Get IOCP patch into libevent
- Get a "use less buffer ram" patch into openssl. *
- Get IOCP patch into libevent *
- Feature removals and deprecations:
- Get rid of the v1 directory stuff (making, serving, and caching)
@ -319,7 +331,6 @@ P - create a "make win32-bundle" for vidalia-privoxy-tor-torbutton bundle
- chroot yourself, including inhibit trying to read config file
and reopen logs, unless they are under datadir.
- Should be trivial:
- Base relative control socket paths (and other stuff in torrc) on datadir.
- Tor logs the libevent version on startup, for debugging purposes.
@ -334,18 +345,25 @@ P - create a "make win32-bundle" for vidalia-privoxy-tor-torbutton bundle
Later, unless people want to implement them now:
- Actually use SSL_shutdown to close our TLS connections.
- Polipo vs Privoxy
- switch out privoxy in the bundles and replace it with polipo.
- Consider creating special Tor-Polipo-Vidalia test packages,
requested by Dmitri Vitalev (does torbrowser meet this need?)
- Include "v" line in networkstatus getinfo values.
[Nick: bridge authorities output a networkstatus that is missing
version numbers. This is inconvenient if we want to make sure
bridgedb gives out bridges with certain characteristics. -RD]
- Let tor dir mirrors proxy connections to the tor download site, so
if you know a bridge you can fetch the tor software.
- when somebody uses the controlport as an http proxy, give them
a "tor isn't an http proxy" error too like we do for the socks port.
Can anybody remember why we wanted to do this and/or what it means?
- config option __ControllerLimit that hangs up if there are a limit
of controller connections already.
[This was mwenge's idea. The idea is that a Tor controller can
"fill" Tor's controller slot quota, so jerks can't do cross-protocol
attacks like the http form attack. -RD]
- configurable timestamp granularity. defaults to 'seconds'.
[This was Nick's idea. The idea to make the log timestamps much more
vague, so by default they don't help timing attacks much even if
they're leaked. -RD]
* * * *
@ -379,8 +397,6 @@ Can anybody remember why we wanted to do this and/or what it means?
d Limit to 2 dir, 2 OR, N SOCKS connections per IP.
- Or maybe close connections from same IP when we get a lot from one.
- Or maybe block IPs that connect too many times at once.
- when somebody uses the controlport as an http proxy, give them
a "tor isn't an http proxy" error too like we do for the socks port.
- we try to build 4 test circuits to break them over different
servers. but sometimes our entry node is the same for multiple
test circuits. this defeats the point.