From bc17e9b6e0d9fa8827b72afc574c80f1a31237fd Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 27 Oct 2004 03:14:54 +0000 Subject: [PATCH] Clean TODO indentation svn:r2598 --- doc/TODO | 437 +++++++++++++++++++++++++++---------------------------- 1 file changed, 218 insertions(+), 219 deletions(-) diff --git a/doc/TODO b/doc/TODO index 18ba1c2828..9686ad23af 100644 --- a/doc/TODO +++ b/doc/TODO @@ -10,239 +10,238 @@ ARMA - arma claims D Deferred X Abandoned - 0.0.9pre4: - o Don't use FascistFirewall if you're going via Tor, or if - you're going via HttpProxy. - o make RecommendedVersions a CONFIG_TYPE_LINELIST option - o node 'groups' that are known to be in the same zone of control. - o Nodes can list their coadministrated nodes. - o If A lists B, it only counts if B also lists A - o Users can list other coadministrated nodes if they like. - o Never choose two coadministrated nodes in the same circuit. - o let tor servers use proxies for port 80 exits - o Use generic port redirector for IP/bits:Port->IP:Port . - o Make use of them when we're doing exit connections. - X We should set things in options to NULL, not rely on memset(...0) - being equivalent. - o We should check for memset(0) setting things to NULL with - autoconf, and then rely on it in the code. +0.0.9pre4: + o Don't use FascistFirewall if you're going via Tor, or if + you're going via HttpProxy. + o make RecommendedVersions a CONFIG_TYPE_LINELIST option + o node 'groups' that are known to be in the same zone of control. + o Nodes can list their coadministrated nodes. + o If A lists B, it only counts if B also lists A + o Users can list other coadministrated nodes if they like. + o Never choose two coadministrated nodes in the same circuit. + o let tor servers use proxies for port 80 exits + o Use generic port redirector for IP/bits:Port->IP:Port . + o Make use of them when we're doing exit connections. + X We should set things in options to NULL, not rely on memset(...0) + being equivalent. + o We should check for memset(0) setting things to NULL with + autoconf, and then rely on it in the code. - 0.0.9pre5/6: - o Replace running-routers with a router-status line that can be used - without a list of router descriptors. - o Add a log handler that sends stuff to syslog. - o Deprecate unofficial configuration abbrevs; make official abbrevs - only official on the command line. - - per-month byte allowances. -N - Based on bandwidth and per-month allowance, choose a - window within month to be up. Stay up until allowance is - used. Adjust next month's window based on outcome. Hibernate - when we're not up. -R - Hibernate means "stop accepting connections, and start sleeping" - Implement hibernation. Have a separate - about-to-start-hibernating state implemented in similar way to - will shut-down-in-30-seconds state. - - Rendezvous service bug: can we nail it down? -R . bandwidth buckets for write as well as read. -N - Make watchdogged clients check cached-directory mtime to avoid - fetching directory in a tight loop. - - Implement If-Modified-Since for directories. -N - Handle rendezvousing with unverified nodes. - - Specify: Stick rendezvous point's key in INTRODUCE cell. - Bob should _always_ use key from INTRODUCE cell. - - Implement. -R - figure out enclaves, e.g. so we know what to recommend that people - do, and so running a tor server on your website is helpful. - - Do enclaves for same IP only. - - Resolve first, then if IP is an OR, connect to next guy. -N - Pure C tor_resolve -N - the user interface interface - - Skeleton only. - - Implement parts along with trivial fun gui. -N - add ipv6 support. - - Spec issue: if a resolve returns an IP4 and an IP6 address, - which to use? -N&R - Update Spec -R - learn from ben about his openssl-reinitialization-trick to - rotate tls keys without making new connections. - - (Roger grabs Ben next time he sees him on IRC) - - christian grothoff's attack of infinite-length circuit. - the solution is to have a separate 'extend-data' cell type - which is used for the first N data cells, and only - extend-data cells can be extend requests. - - have a pool of circuits available, cannibalize them - for your purposes (e.g. rendezvous, etc). - D nt services on win32. - - Once we have a trusted directory on port 80, stop falling back to - forbidden ports when fascistfirewall blocks all good dirservers. +0.0.9pre5/6: + o Replace running-routers with a router-status line that can be used + without a list of router descriptors. + o Add a log handler that sends stuff to syslog. + o Deprecate unofficial configuration abbrevs; make official abbrevs + only official on the command line. + - per-month byte allowances. +N - Based on bandwidth and per-month allowance, choose a + window within month to be up. Stay up until allowance is + used. Adjust next month's window based on outcome. Hibernate + when we're not up. +R - Hibernate means "stop accepting connections, and start sleeping" + Implement hibernation. Have a separate + about-to-start-hibernating state implemented in similar way to + will shut-down-in-30-seconds state. + - Rendezvous service bug: can we nail it down? +R . bandwidth buckets for write as well as read. +N - Make watchdogged clients check cached-directory mtime to avoid + fetching directory in a tight loop. + - Implement If-Modified-Since for directories. +N - Handle rendezvousing with unverified nodes. + - Specify: Stick rendezvous point's key in INTRODUCE cell. + Bob should _always_ use key from INTRODUCE cell. + - Implement. +R - figure out enclaves, e.g. so we know what to recommend that people + do, and so running a tor server on your website is helpful. + - Do enclaves for same IP only. + - Resolve first, then if IP is an OR, connect to next guy. +N - Pure C tor_resolve +N - the user interface interface + - Skeleton only. + - Implement parts along with trivial fun gui. +N - add ipv6 support. + - Spec issue: if a resolve returns an IP4 and an IP6 address, + which to use? +N&R - Update Spec +R - learn from ben about his openssl-reinitialization-trick to + rotate tls keys without making new connections. + - (Roger grabs Ben next time he sees him on IRC) + - christian grothoff's attack of infinite-length circuit. + the solution is to have a separate 'extend-data' cell type + which is used for the first N data cells, and only + extend-data cells can be extend requests. + - have a pool of circuits available, cannibalize them + for your purposes (e.g. rendezvous, etc). + D nt services on win32. + - Once we have a trusted directory on port 80, stop falling back to + forbidden ports when fascistfirewall blocks all good dirservers. - 0.0.9 and beyond: - - fix sprintf's to snprintf's? - . Make intro points and rendezvous points accept $KEYID in addition - to nicknames. - o Specify - o Implement parsing - - Generate new formats (Not till 007 is dead) - - make loglevel info less noisy - - Facility to automatically choose long-term helper nodes; perhaps - on by default for hidden services. - - Make command-line strict about checking options; make only certain - option prefixes work. - - Rate-limit OR and directory connections overall and per-IP and - maybe per subnet. - - put expiry date on onion-key, so people don't keep trying - old ones that they could know are expired? -* Leave on todo list, see if pre3 onion fixes helped enough. - - should the running-routers list put unverified routers at the - end? -* Cosmetic, don't do it yet. - - make advertised_server_mode() ORs fetch dirs more often. -* not necessary yet. - - Add a notion of nickname->Pubkey binding that's not 'verification' -* eventually, only when needed - - ORs use uniquer default nicknames -* Don't worry about this for now - - Handle full buffers without totally borking -* do this eventually, no rush. - - do resolve before trying to attach the stream -* don't do this for now. - - if destination IP is running a tor node, extend a circuit there - before sending begin. -* don't do this for now. figure out how enclaves work. but do enclaves soon. - - Support egd or other non-OS-integrated strong entropy sources + 0.0.9 and beyond: + - fix sprintf's to snprintf's? + . Make intro points and rendezvous points accept $KEYID in addition + to nicknames. + o Specify + o Implement parsing + - Generate new formats (Not till 007 is dead) + - make loglevel info less noisy + - Facility to automatically choose long-term helper nodes; perhaps + on by default for hidden services. + - Make command-line strict about checking options; make only certain + option prefixes work. + - Rate-limit OR and directory connections overall and per-IP and + maybe per subnet. + - put expiry date on onion-key, so people don't keep trying + old ones that they could know are expired? + * Leave on todo list, see if pre3 onion fixes helped enough. + - should the running-routers list put unverified routers at the + end? + * Cosmetic, don't do it yet. + - make advertised_server_mode() ORs fetch dirs more often. + * not necessary yet. + - Add a notion of nickname->Pubkey binding that's not 'verification' + * eventually, only when needed + - ORs use uniquer default nicknames + * Don't worry about this for now + - Handle full buffers without totally borking + * do this eventually, no rush. + - do resolve before trying to attach the stream + * don't do this for now. + - if destination IP is running a tor node, extend a circuit there + before sending begin. + * don't do this for now. figure out how enclaves work. but do + enclaves soon. + - Support egd or other non-OS-integrated strong entropy sources - more features, complex: - - password protection for on-disk identity key - . Switch dirservers entries to config lines: - o read in and parse each TrustedDir config line. - o stop reading dirservers file. - o add some default TrustedDir lines if none defined, or if - no torrc. - o remove notion of ->is_trusted_dir from the routerlist. that's - no longer where you look. - o clean up router parsing flow, since it's simpler now? - o when checking signature on a directory, look it up in - options.TrustedDirs, and make sure there's a descriptor - with that nickname, whose key hashes to the fingerprint, - and who correctly signed the directory. - o when fetching a directory, if you want a trusted one, - choose from the trusteddir list. - o which means keeping track of which ones are "up" - ? if you don't need a trusted one, choose from the routerinfo - list if you have one, else from the trusteddir list. -* roger will do the above - - add a listener for a ui -* nick chats with weasel - - and a basic gui - - Have clients and dirservers preserve reputation info over - reboots. -* continue not doing until we have something we need to preserve - - round detected bandwidth up to nearest 10KB? - - client software not upload descriptor until: - - you've been running for an hour - - it's sufficiently satisfied with its bandwidth - - it decides it is reachable - - start counting again if your IP ever changes. - - never regenerate identity keys, for now. - - you can set a bit for not-being-an-OR. -* no need to do this yet. few people define their ORPort. - - authdirserver lists you as running iff: - - he can connect to you - - he has successfully extended to you - - you have sufficient mean-time-between-failures -* keep doing nothing for now. + more features, complex: + - password protection for on-disk identity key + . Switch dirservers entries to config lines: + o read in and parse each TrustedDir config line. + o stop reading dirservers file. + o add some default TrustedDir lines if none defined, or if + no torrc. + o remove notion of ->is_trusted_dir from the routerlist. that's + no longer where you look. + o clean up router parsing flow, since it's simpler now? + o when checking signature on a directory, look it up in + options.TrustedDirs, and make sure there's a descriptor + with that nickname, whose key hashes to the fingerprint, + and who correctly signed the directory. + o when fetching a directory, if you want a trusted one, + choose from the trusteddir list. + o which means keeping track of which ones are "up" + ? if you don't need a trusted one, choose from the routerinfo + list if you have one, else from the trusteddir list. + * roger will do the above + - add a listener for a ui, and a basic GUI + - and a basic gui + - Have clients and dirservers preserve reputation info over + reboots. + * continue not doing until we have something we need to preserve + - round detected bandwidth up to nearest 10KB? + - client software not upload descriptor until: + - you've been running for an hour + - it's sufficiently satisfied with its bandwidth + - it decides it is reachable + - start counting again if your IP ever changes. + - never regenerate identity keys, for now. + - you can set a bit for not-being-an-OR. + * no need to do this yet. few people define their ORPort. + - authdirserver lists you as running iff: + - he can connect to you + - he has successfully extended to you + - you have sufficient mean-time-between-failures + * keep doing nothing for now. - blue sky: - - Possible to get autoconf to easily install things into ~/.tor? + blue sky: + - Possible to get autoconf to easily install things into ~/.tor? - ongoing: - . rename/rearrange functions for what file they're in - - generalize our transport: add transport.c in preparation for - http, airhook, etc transport. + ongoing: + . rename/rearrange functions for what file they're in + - generalize our transport: add transport.c in preparation for + http, airhook, etc transport. NICK - investigate sctp for alternate transport. For September: NICK . Windows port - o works as client - - deal with pollhup / reached_eof on all platforms - . robust as a client - . works as server - - can be configured - - robust as a server - . Usable as NT service - - docs for building in win - - installer, including all needed libs. + o works as client + - deal with pollhup / reached_eof on all platforms + . robust as a client + . works as server + - can be configured + - robust as a server + . Usable as NT service + - docs for building in win + - installer, including all needed libs. - - Docs - . FAQ - o overview of tor. how does it work, what's it do, pros and - cons of using it, why should I use it, etc. - - a howto tutorial with examples -* put a stub on the wiki - o tutorial: how to set up your own tor network - o (need to not hardcode dirservers file in config.c) - - Make tutorial reflect this. - - port forwarding howto for ipchains, etc -* roger add to wiki of requests - . correct, update, polish spec - - document the exposed function api? - o document what we mean by socks. + - Docs + . FAQ + o overview of tor. how does it work, what's it do, pros and + cons of using it, why should I use it, etc. + - a howto tutorial with examples + * put a stub on the wiki + o tutorial: how to set up your own tor network + o (need to not hardcode dirservers file in config.c) + - Make tutorial reflect this. + - port forwarding howto for ipchains, etc + * roger add to wiki of requests + . correct, update, polish spec + - document the exposed function api? + o document what we mean by socks. -NICK . packages - . rpm -* nick will look at the spec file - - find a long-term rpm maintainer -* roger will start guilting people +N . packages + . rpm + * nick will look at the spec file + - find a long-term rpm maintainer + * roger will start guilting people - - code - - better warn/info messages - o let tor do resolves. - o extend socks4 to do resolves? - o make script to ask tor for resolves - - write howto for setting up tsocks, socat. - - including on osx and win32 - - freecap handling - - tsocks - o gather patches, submit to maintainer -* send him a reminder mail and see what's up. - - intercept gethostbyname and others -* add this to tsocks - o do resolve via tor - - redesign and thorough code revamp, with particular eye toward: - - support half-open tcp connections - - conn key rotation - - other transports -- http, airhook - - modular introduction mechanism - - allow non-clique topology + - code + - better warn/info messages + o let tor do resolves. + o extend socks4 to do resolves? + o make script to ask tor for resolves + - write howto for setting up tsocks, socat. + - including on osx and win32 + - freecap handling + - tsocks + o gather patches, submit to maintainer + * send him a reminder mail and see what's up. + - intercept gethostbyname and others + * add this to tsocks + o do resolve via tor + - redesign and thorough code revamp, with particular eye toward: + - support half-open tcp connections + - conn key rotation + - other transports -- http, airhook + - modular introduction mechanism + - allow non-clique topology Other details and small and hard things: - - tor should be able to have a pool of outgoing IP addresses - that it is able to rotate through. (maybe) - - tie into squid - - hidserv offerers shouldn't need to define a SocksPort -* figure out what breaks for this, and do it. - - when the client fails to pick an intro point for a hidserv, - it should refetch the hidserv desc. - . should maybe make clients exit(1) when bad things happen? - e.g. clock skew. - - should retry exitpolicy end streams even if the end cell didn't - resolve the address for you - . Make logs handle it better when writing to them fails. - o Dirserver shouldn't put you in running-routers list if you haven't - uploaded a descriptor recently - . Refactor: add own routerinfo to routerlist. Right now, only - router_get_by_nickname knows about 'this router', as a hack to - get circuit_launch_new to do the right thing. - . Scrubbing proxies - - Find an smtp proxy? - . Get socks4a support into Mozilla - - Need a relay teardown cell, separate from one-way ends. - - Make it harder to circumvent bandwidth caps: look at number of bytes - sent across sockets, not number sent inside TLS stream. - - fix router_get_by_* functions so they can get ourselves too, - and audit everything to make sure rend and intro points are - just as likely to be us as not. - + - tor should be able to have a pool of outgoing IP addresses + that it is able to rotate through. (maybe) + - tie into squid + - hidserv offerers shouldn't need to define a SocksPort + * figure out what breaks for this, and do it. + - when the client fails to pick an intro point for a hidserv, + it should refetch the hidserv desc. + . should maybe make clients exit(1) when bad things happen? + e.g. clock skew. + - should retry exitpolicy end streams even if the end cell didn't + resolve the address for you + . Make logs handle it better when writing to them fails. + o Dirserver shouldn't put you in running-routers list if you haven't + uploaded a descriptor recently + . Refactor: add own routerinfo to routerlist. Right now, only + router_get_by_nickname knows about 'this router', as a hack to + get circuit_launch_new to do the right thing. + . Scrubbing proxies + - Find an smtp proxy? + . Get socks4a support into Mozilla + - Need a relay teardown cell, separate from one-way ends. + - Make it harder to circumvent bandwidth caps: look at number of bytes + sent across sockets, not number sent inside TLS stream. + - fix router_get_by_* functions so they can get ourselves too, + and audit everything to make sure rend and intro points are + just as likely to be us as not. ***************************Future tasks:****************************