Legend:
SPEC!!  - Not specified
SPEC    - Spec not finalized
NICK    - nick claims
ARMA    - arma claims
        - Not done
        * Top priority
        . Partially done
        o Done
        D Deferred
        X Abandoned

Flag-day changes: (things which are backward incompatible)

        o remove link key from directories, from connection_t.
          (just get it from the tls cert)
        o Generate link keys on startup; don't store them to disk.
        o make onion keys include oaep padding, so you can tell
          if you decrypted it correctly
        o Rotate onion keys as needed
        D Rotate TLS connections [arma]
        o Set expiration times on X509 certs [nickm]
        o add bandwidthrate and bandwidthburst to server descriptor [nickm]
        o directories need to say who signed them. [nickm]
        - remove assumption that 0.0.5 doesn't do rendezvous?
        D what other pieces of the descriptors need to change?
          maybe add a section for who's connected to a given router?
          add a flexible section for reputation info?

For September:
        - Windows port
          - works as client
            - deal with pollhup / reached_eof on all platforms
          - robust as a client
          - works as server
            - can be configured
          - robust as a server
          - docs for building in win
          - installer?

        - Docs
          - FAQ
          - overview of tor. how does it work, what's it do, pros and
            cons of using it, why should I use it, etc.
          - a howto tutorial with examples
          - tutorial: how to set up your own tor network
            - (need to not hardcode dirservers file in config.c)
          - correct, update, polish spec
          - document the exposed function api?
          - document what we mean by socks.

        - packages
          - rpm
            - find a long-term rpm maintainer

        - code
          - better warn/info messages
          - let tor do resolves.
            - extend socks4 to do resolves?
            - make script to ask tor for resolves
            - tsocks
              - gather patches, submit to maintainer
              - intercept gethostbyname and others, do resolve via tor
          - redesign and thorough code revamp, with particular eye toward:
            - support half-open tcp connections
            - conn key rotation
            - other transports -- http, airhook
            - modular introduction mechanism
            - allow non-clique topology

Other details and small things:

        . should maybe make clients exit(1) when bad things happen?
          e.g. clock skew.
        - should retry exitpolicy end streams even if the end cell didn't
          resolve the address for you
        - Add '[...truncated]' or similar to truncated log entries
          (like the directory in connection_dir_process_inbuf()).
        . Make logs handle it better when writing to them fails.
        - Dirserver shouldn't put you in running-routers list if you haven't
          uploaded a descriptor recently
        . Refactor: add own routerinfo to routerlist. Right now, only
          router_get_by_nickname knows about 'this router', as a hack to
          get circuit_launch_new to do the right thing.

Rendezvous service:

        - preemptively build and start rendezvous circs
        - preemptively build n-1 hops of intro circs?
        - cannibalize general circs?
        - fix router_get_by_* functions so they can get ourselves too,
          and audit everything to make sure rend and intro points are
          just as likely to be us as not.

In the distant future:

        . Scrubbing proxies
          - Find an smtp proxy?
          . Get socks4a support into Mozilla
        - migrate to using IPv6 sizes everywhere
        - handle half-open tcp conns
        - Extend by nickname/hostname/something, not by IP.
        - Need a relay teardown cell, separate from one-way ends.
        - Make it harder to circumvent bandwidth caps: look at number of
          bytes sent across sockets, not number sent inside TLS stream.
        - Look at having smallcells and largecells
        D Advanced directory servers
          D Automated reputation management
          D Figure out how to do threshold directory servers
          D jurisdiction info in dirserver entries? other info?
        X On the fly compression of each stream