Clean TODO indentation

svn:r2598
Nick Mathewson 2004-10-27 03:14:54 +00:00
parent ec81c56eef
commit bc17e9b6e0

doc/TODO

@ -10,239 +10,238 @@ ARMA - arma claims
D Deferred
X Abandoned
0.0.9pre4:
o Don't use FascistFirewall if you're going via Tor, or if
you're going via HttpProxy.
o make RecommendedVersions a CONFIG_TYPE_LINELIST option
o node 'groups' that are known to be in the same zone of control.
o Nodes can list their coadministrated nodes.
o If A lists B, it only counts if B also lists A
o Users can list other coadministrated nodes if they like.
o Never choose two coadministrated nodes in the same circuit.
o let tor servers use proxies for port 80 exits
o Use generic port redirector for IP/bits:Port->IP:Port .
o Make use of them when we're doing exit connections.
X We should set things in options to NULL, not rely on memset(...0)
being equivalent.
o We should check for memset(0) setting things to NULL with
autoconf, and then rely on it in the code.
0.0.9pre4:
o Don't use FascistFirewall if you're going via Tor, or if
you're going via HttpProxy.
o make RecommendedVersions a CONFIG_TYPE_LINELIST option
o node 'groups' that are known to be in the same zone of control.
o Nodes can list their coadministrated nodes.
o If A lists B, it only counts if B also lists A
o Users can list other coadministrated nodes if they like.
o Never choose two coadministrated nodes in the same circuit.
o let tor servers use proxies for port 80 exits
o Use generic port redirector for IP/bits:Port->IP:Port .
o Make use of them when we're doing exit connections.
X We should set things in options to NULL, not rely on memset(...0)
being equivalent.
o We should check for memset(0) setting things to NULL with
autoconf, and then rely on it in the code.
0.0.9pre5/6:
o Replace running-routers with a router-status line that can be used
without a list of router descriptors.
o Add a log handler that sends stuff to syslog.
o Deprecate unofficial configuration abbrevs; make official abbrevs
only official on the command line.
- per-month byte allowances.
N - Based on bandwidth and per-month allowance, choose a
window within month to be up. Stay up until allowance is
used. Adjust next month's window based on outcome. Hibernate
when we're not up.
R - Hibernate means "stop accepting connections, and start sleeping"
Implement hibernation. Have a separate
about-to-start-hibernating state implemented in similar way to
will shut-down-in-30-seconds state.
- Rendezvous service bug: can we nail it down?
R . bandwidth buckets for write as well as read.
N - Make watchdogged clients check cached-directory mtime to avoid
fetching directory in a tight loop.
- Implement If-Modified-Since for directories.
N - Handle rendezvousing with unverified nodes.
- Specify: Stick rendezvous point's key in INTRODUCE cell.
Bob should _always_ use key from INTRODUCE cell.
- Implement.
R - figure out enclaves, e.g. so we know what to recommend that people
do, and so running a tor server on your website is helpful.
- Do enclaves for same IP only.
- Resolve first, then if IP is an OR, connect to next guy.
N - Pure C tor_resolve
N - the user interface interface
- Skeleton only.
- Implement parts along with trivial fun gui.
N - add ipv6 support.
- Spec issue: if a resolve returns an IP4 and an IP6 address,
which to use?
N&R - Update Spec
R - learn from ben about his openssl-reinitialization-trick to
rotate tls keys without making new connections.
- (Roger grabs Ben next time he sees him on IRC)
- christian grothoff's attack of infinite-length circuit.
the solution is to have a separate 'extend-data' cell type
which is used for the first N data cells, and only
extend-data cells can be extend requests.
- have a pool of circuits available, cannibalize them
for your purposes (e.g. rendezvous, etc).
D nt services on win32.
- Once we have a trusted directory on port 80, stop falling back to
forbidden ports when fascistfirewall blocks all good dirservers.
0.0.9pre5/6:
o Replace running-routers with a router-status line that can be used
without a list of router descriptors.
o Add a log handler that sends stuff to syslog.
o Deprecate unofficial configuration abbrevs; make official abbrevs
only official on the command line.
- per-month byte allowances.
N - Based on bandwidth and per-month allowance, choose a
window within month to be up. Stay up until allowance is
used. Adjust next month's window based on outcome. Hibernate
when we're not up.
R - Hibernate means "stop accepting connections, and start sleeping"
Implement hibernation. Have a separate
about-to-start-hibernating state implemented in similar way to
will shut-down-in-30-seconds state.
- Rendezvous service bug: can we nail it down?
R . bandwidth buckets for write as well as read.
N - Make watchdogged clients check cached-directory mtime to avoid
fetching directory in a tight loop.
- Implement If-Modified-Since for directories.
N - Handle rendezvousing with unverified nodes.
- Specify: Stick rendezvous point's key in INTRODUCE cell.
Bob should _always_ use key from INTRODUCE cell.
- Implement.
R - figure out enclaves, e.g. so we know what to recommend that people
do, and so running a tor server on your website is helpful.
- Do enclaves for same IP only.
- Resolve first, then if IP is an OR, connect to next guy.
N - Pure C tor_resolve
N - the user interface interface
- Skeleton only.
- Implement parts along with trivial fun gui.
N - add ipv6 support.
- Spec issue: if a resolve returns an IP4 and an IP6 address,
which to use?
N&R - Update Spec
R - learn from ben about his openssl-reinitialization-trick to
rotate tls keys without making new connections.
- (Roger grabs Ben next time he sees him on IRC)
- christian grothoff's attack of infinite-length circuit.
the solution is to have a separate 'extend-data' cell type
which is used for the first N data cells, and only
extend-data cells can be extend requests.
- have a pool of circuits available, cannibalize them
for your purposes (e.g. rendezvous, etc).
D nt services on win32.
- Once we have a trusted directory on port 80, stop falling back to
forbidden ports when fascistfirewall blocks all good dirservers.
0.0.9 and beyond:
- fix sprintf's to snprintf's?
. Make intro points and rendezvous points accept $KEYID in addition
to nicknames.
o Specify
o Implement parsing
- Generate new formats (Not till 007 is dead)
- make loglevel info less noisy
- Facility to automatically choose long-term helper nodes; perhaps
on by default for hidden services.
- Make command-line strict about checking options; make only certain
option prefixes work.
- Rate-limit OR and directory connections overall and per-IP and
maybe per subnet.
- put expiry date on onion-key, so people don't keep trying
old ones that they could know are expired?
* Leave on todo list, see if pre3 onion fixes helped enough.
- should the running-routers list put unverified routers at the
end?
* Cosmetic, don't do it yet.
- make advertised_server_mode() ORs fetch dirs more often.
* not necessary yet.
- Add a notion of nickname->Pubkey binding that's not 'verification'
* eventually, only when needed
- ORs use uniquer default nicknames
* Don't worry about this for now
- Handle full buffers without totally borking
* do this eventually, no rush.
- do resolve before trying to attach the stream
* don't do this for now.
- if destination IP is running a tor node, extend a circuit there
before sending begin.
* don't do this for now. figure out how enclaves work. but do enclaves soon.
- Support egd or other non-OS-integrated strong entropy sources
0.0.9 and beyond:
- fix sprintf's to snprintf's?
. Make intro points and rendezvous points accept $KEYID in addition
to nicknames.
o Specify
o Implement parsing
- Generate new formats (Not till 007 is dead)
- make loglevel info less noisy
- Facility to automatically choose long-term helper nodes; perhaps
on by default for hidden services.
- Make command-line strict about checking options; make only certain
option prefixes work.
- Rate-limit OR and directory connections overall and per-IP and
maybe per subnet.
- put expiry date on onion-key, so people don't keep trying
old ones that they could know are expired?
* Leave on todo list, see if pre3 onion fixes helped enough.
- should the running-routers list put unverified routers at the
end?
* Cosmetic, don't do it yet.
- make advertised_server_mode() ORs fetch dirs more often.
* not necessary yet.
- Add a notion of nickname->Pubkey binding that's not 'verification'
* eventually, only when needed
- ORs use uniquer default nicknames
* Don't worry about this for now
- Handle full buffers without totally borking
* do this eventually, no rush.
- do resolve before trying to attach the stream
* don't do this for now.
- if destination IP is running a tor node, extend a circuit there
before sending begin.
* don't do this for now. figure out how enclaves work. but do
enclaves soon.
- Support egd or other non-OS-integrated strong entropy sources
more features, complex:
- password protection for on-disk identity key
. Switch dirservers entries to config lines:
o read in and parse each TrustedDir config line.
o stop reading dirservers file.
o add some default TrustedDir lines if none defined, or if
no torrc.
o remove notion of ->is_trusted_dir from the routerlist. that's
no longer where you look.
o clean up router parsing flow, since it's simpler now?
o when checking signature on a directory, look it up in
options.TrustedDirs, and make sure there's a descriptor
with that nickname, whose key hashes to the fingerprint,
and who correctly signed the directory.
o when fetching a directory, if you want a trusted one,
choose from the trusteddir list.
o which means keeping track of which ones are "up"
? if you don't need a trusted one, choose from the routerinfo
list if you have one, else from the trusteddir list.
* roger will do the above
- add a listener for a ui
* nick chats with weasel
- and a basic gui
- Have clients and dirservers preserve reputation info over
reboots.
* continue not doing until we have something we need to preserve
- round detected bandwidth up to nearest 10KB?
- client software not upload descriptor until:
- you've been running for an hour
- it's sufficiently satisfied with its bandwidth
- it decides it is reachable
- start counting again if your IP ever changes.
- never regenerate identity keys, for now.
- you can set a bit for not-being-an-OR.
* no need to do this yet. few people define their ORPort.
- authdirserver lists you as running iff:
- he can connect to you
- he has successfully extended to you
- you have sufficient mean-time-between-failures
* keep doing nothing for now.
more features, complex:
- password protection for on-disk identity key
. Switch dirservers entries to config lines:
o read in and parse each TrustedDir config line.
o stop reading dirservers file.
o add some default TrustedDir lines if none defined, or if
no torrc.
o remove notion of ->is_trusted_dir from the routerlist. that's
no longer where you look.
o clean up router parsing flow, since it's simpler now?
o when checking signature on a directory, look it up in
options.TrustedDirs, and make sure there's a descriptor
with that nickname, whose key hashes to the fingerprint,
and who correctly signed the directory.
o when fetching a directory, if you want a trusted one,
choose from the trusteddir list.
o which means keeping track of which ones are "up"
? if you don't need a trusted one, choose from the routerinfo
list if you have one, else from the trusteddir list.
* roger will do the above
- add a listener for a ui, and a basic GUI
- and a basic gui
- Have clients and dirservers preserve reputation info over
reboots.
* continue not doing until we have something we need to preserve
- round detected bandwidth up to nearest 10KB?
- client software not upload descriptor until:
- you've been running for an hour
- it's sufficiently satisfied with its bandwidth
- it decides it is reachable
- start counting again if your IP ever changes.
- never regenerate identity keys, for now.
- you can set a bit for not-being-an-OR.
* no need to do this yet. few people define their ORPort.
- authdirserver lists you as running iff:
- he can connect to you
- he has successfully extended to you
- you have sufficient mean-time-between-failures
* keep doing nothing for now.
blue sky:
- Possible to get autoconf to easily install things into ~/.tor?
blue sky:
- Possible to get autoconf to easily install things into ~/.tor?
ongoing:
. rename/rearrange functions for what file they're in
- generalize our transport: add transport.c in preparation for
http, airhook, etc transport.
ongoing:
. rename/rearrange functions for what file they're in
- generalize our transport: add transport.c in preparation for
http, airhook, etc transport.
NICK - investigate sctp for alternate transport.
For September:
NICK . Windows port
o works as client
- deal with pollhup / reached_eof on all platforms
. robust as a client
. works as server
- can be configured
- robust as a server
. Usable as NT service
- docs for building in win
- installer, including all needed libs.
o works as client
- deal with pollhup / reached_eof on all platforms
. robust as a client
. works as server
- can be configured
- robust as a server
. Usable as NT service
- docs for building in win
- installer, including all needed libs.
- Docs
. FAQ
o overview of tor. how does it work, what's it do, pros and
cons of using it, why should I use it, etc.
- a howto tutorial with examples
* put a stub on the wiki
o tutorial: how to set up your own tor network
o (need to not hardcode dirservers file in config.c)
- Make tutorial reflect this.
- port forwarding howto for ipchains, etc
* roger add to wiki of requests
. correct, update, polish spec
- document the exposed function api?
o document what we mean by socks.
- Docs
. FAQ
o overview of tor. how does it work, what's it do, pros and
cons of using it, why should I use it, etc.
- a howto tutorial with examples
* put a stub on the wiki
o tutorial: how to set up your own tor network
o (need to not hardcode dirservers file in config.c)
- Make tutorial reflect this.
- port forwarding howto for ipchains, etc
* roger add to wiki of requests
. correct, update, polish spec
- document the exposed function api?
o document what we mean by socks.
NICK . packages
. rpm
* nick will look at the spec file
- find a long-term rpm maintainer
* roger will start guilting people
N . packages
. rpm
* nick will look at the spec file
- find a long-term rpm maintainer
* roger will start guilting people
- code
- better warn/info messages
o let tor do resolves.
o extend socks4 to do resolves?
o make script to ask tor for resolves
- write howto for setting up tsocks, socat.
- including on osx and win32
- freecap handling
- tsocks
o gather patches, submit to maintainer
* send him a reminder mail and see what's up.
- intercept gethostbyname and others
* add this to tsocks
o do resolve via tor
- redesign and thorough code revamp, with particular eye toward:
- support half-open tcp connections
- conn key rotation
- other transports -- http, airhook
- modular introduction mechanism
- allow non-clique topology
- code
- better warn/info messages
o let tor do resolves.
o extend socks4 to do resolves?
o make script to ask tor for resolves
- write howto for setting up tsocks, socat.
- including on osx and win32
- freecap handling
- tsocks
o gather patches, submit to maintainer
* send him a reminder mail and see what's up.
- intercept gethostbyname and others
* add this to tsocks
o do resolve via tor
- redesign and thorough code revamp, with particular eye toward:
- support half-open tcp connections
- conn key rotation
- other transports -- http, airhook
- modular introduction mechanism
- allow non-clique topology
Other details and small and hard things:
- tor should be able to have a pool of outgoing IP addresses
that it is able to rotate through. (maybe)
- tie into squid
- hidserv offerers shouldn't need to define a SocksPort
* figure out what breaks for this, and do it.
- when the client fails to pick an intro point for a hidserv,
it should refetch the hidserv desc.
. should maybe make clients exit(1) when bad things happen?
e.g. clock skew.
- should retry exitpolicy end streams even if the end cell didn't
resolve the address for you
. Make logs handle it better when writing to them fails.
o Dirserver shouldn't put you in running-routers list if you haven't
uploaded a descriptor recently
. Refactor: add own routerinfo to routerlist. Right now, only
router_get_by_nickname knows about 'this router', as a hack to
get circuit_launch_new to do the right thing.
. Scrubbing proxies
- Find an smtp proxy?
. Get socks4a support into Mozilla
- Need a relay teardown cell, separate from one-way ends.
- Make it harder to circumvent bandwidth caps: look at number of bytes
sent across sockets, not number sent inside TLS stream.
- fix router_get_by_* functions so they can get ourselves too,
and audit everything to make sure rend and intro points are
just as likely to be us as not.
- tor should be able to have a pool of outgoing IP addresses
that it is able to rotate through. (maybe)
- tie into squid
- hidserv offerers shouldn't need to define a SocksPort
* figure out what breaks for this, and do it.
- when the client fails to pick an intro point for a hidserv,
it should refetch the hidserv desc.
. should maybe make clients exit(1) when bad things happen?
e.g. clock skew.
- should retry exitpolicy end streams even if the end cell didn't
resolve the address for you
. Make logs handle it better when writing to them fails.
o Dirserver shouldn't put you in running-routers list if you haven't
uploaded a descriptor recently
. Refactor: add own routerinfo to routerlist. Right now, only
router_get_by_nickname knows about 'this router', as a hack to
get circuit_launch_new to do the right thing.
. Scrubbing proxies
- Find an smtp proxy?
. Get socks4a support into Mozilla
- Need a relay teardown cell, separate from one-way ends.
- Make it harder to circumvent bandwidth caps: look at number of bytes
sent across sockets, not number sent inside TLS stream.
- fix router_get_by_* functions so they can get ourselves too,
and audit everything to make sure rend and intro points are
just as likely to be us as not.
***************************Future tasks:****************************
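Review bot: The second copy of the "more features, complex" section changes content, not only indentation, which the commit message "Clean TODO indentation" does not cover. The entry "- add a listener for a ui" becomes "- add a listener for a ui, and a basic GUI", the note "* nick chats with weasel" is gone, and the sub-item "- and a basic gui" is still present, so the GUI task is now listed twice. Either drop the leftover "- and a basic gui" line and keep the weasel note, or move these wording changes into a separate commit with its own message. The owner tag on the packages entry also changes from "NICK . packages" to "N . packages" while "NICK - investigate sctp for alternate transport." and "NICK . Windows port" keep the long form; the 0.0.9pre5/6 entries already use "N", so converting all three in one pass would keep the tags consistent.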