|
@@ -11,39 +11,11 @@ ARMA - arma claims
|
|
|
D Deferred
|
|
|
X Abandoned
|
|
|
|
|
|
-For scalability:
|
|
|
- - Slightly smarter bandwidth management: use link capacity
|
|
|
- intelligently.
|
|
|
- - Handle full buffers without totally borking
|
|
|
-
|
|
|
-For 0.0.8:
|
|
|
-
|
|
|
- milestone 2:
|
|
|
+ misc:
|
|
|
. refer to things by key:
|
|
|
- o extend cells need ip:port:identitykeyhash.
|
|
|
- o Lookup routers and connections by key digest; accept hex
|
|
|
- key digest in place of nicknames.
|
|
|
- o Audit all uses of lookup-by-hostname and lookup-by-addr-port
|
|
|
- to search by digest when appropriate.
|
|
|
- o make sure to use addr/port in cpuworker tasks, because
|
|
|
- OPs don't have keys.
|
|
|
- o and fix the function comments in rephist
|
|
|
- o Rep-hist functions need to store info by keyid
|
|
|
- also use this in intro points and rendezvous points, and
|
|
|
hidserv descs. [XXXX This isn't enough.]
|
|
|
- figure out what to do about ip:port:differentkey
|
|
|
- o ORs connect on demand. attach circuits to new connections, keep
|
|
|
- create cells around somewhere, send destroy if fail.
|
|
|
- o nickname defaults to first piece of hostname
|
|
|
- o running-routers list refers to nickname if verified, else
|
|
|
- hash-base64'ed.
|
|
|
- o Mark routers as verified or unverified based on whether
|
|
|
- running-routers list includes nickname or id hash.
|
|
|
- o put OR uptime in descriptor
|
|
|
- o name the secret-key directory something to discourage people
|
|
|
- from mailing their identity key to tor-ops
|
|
|
-
|
|
|
- milestone 3:
|
|
|
- users can set their bandwidth, or we auto-detect it:
|
|
|
- advertised bandwidth defaults to 10KB
|
|
|
o advertised bandwidth is the min of max seen in each direction
|
|
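Review bot: The open item "Slightly smarter bandwidth management: use link capacity intelligently." under the removed "For scalability:" heading is deleted here and does not reappear in any later hunk, while its sibling "Handle full buffers without totally borking" is re-added under "bug fixes, might be handy:". If the bandwidth item is being abandoned, keep it with the "X" marker from the legend at the top of the file; if the drop was unintended, move it next to the bandwidth items that remain under "misc:".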
@@ -63,50 +35,54 @@ NICK - Reputation info needs to give better weight to recent events than
|
|
|
- Have clients and dirservers preserve reputation info over
|
|
|
reboots.
|
|
|
- clients choose nodes proportional to advertised bandwidth
|
|
|
- o authdirserver includes descriptor.
|
|
|
- and lists as running iff:
|
|
|
- he can connect to you
|
|
|
- he has successfully extended to you
|
|
|
- you have sufficient mean-time-between-failures
|
|
|
- - Don't accept ORs with nicknames same as verified ORs' nicknames.
|
|
|
- - add new "Middleman 1" config variable?
|
|
|
- o if torrc not found, exitpolicy reject *:*
|
|
|
- o change if(options.ORPort) to what we really mean.
|
|
|
- o same with socksport.
|
|
|
- o get contrib/tor_resolve into the tarball and installed
|
|
|
- o and working
|
|
|
|
|
|
- post pre1:
|
|
|
- - Possible to get autoconf to easily install things into ~/.tor?
|
|
|
- o when we sigint tor, the dns/cpuworkers don't intercept sigint?
|
|
|
- - "AcceptOnlyVerifiedRouters" config option?
|
|
|
+ docs:
|
|
|
+ - faq and doc-wiki
|
|
|
+ - knoppix distro
|
|
|
+ - win32 installer using privoxy's installer
|
|
|
+
|
|
|
+ bug fixes, necessary:
|
|
|
+ - Why is the first entry of kill -USR1 a router with a 0 key?
|
|
|
- why does common/util.c build-depend on or/or.h ?
|
|
|
- - ORs use uniquer default nicknames
|
|
|
- - Tors deal appropriately when a newly-verified router has the
|
|
|
- same nickname as another router they know about
|
|
|
- X 007 can't extend to unverified 008. they will never be able to.
|
|
|
+
|
|
|
+ bug fixes, might be handy:
|
|
|
+ - put expiry date on onion-key, so people don't keep trying
|
|
|
+ old ones that they could know are expired?
|
|
|
+ - should the running-routers list put unverified routers at the
|
|
|
+ end?
|
|
|
+ - make advertised_server_mode() ORs fetch dirs more often.
|
|
|
- if a begin failed due to exit policy, but we believe the IP
|
|
|
should have been allowed, switch that router to exitpolicy
|
|
|
reject *:* until we get our next directory.
|
|
|
- - make advertised_server_mode() ORs fetch dirs more often.
|
|
|
- - should the running-routers list put unverified routers at the
|
|
|
- end?
|
|
|
- - tor-resolve needs a man page
|
|
|
- o tor-resolve should make use of cached answers?
|
|
|
- - defining an ORPort isn't necessary anymore, if you use
|
|
|
- ORAddress:port. Same with DirPort, SocksPort.
|
|
|
+ - Tors deal appropriately when a newly-verified router has the
|
|
|
+ same nickname as another router they know about
|
|
|
+ - ORs use uniquer default nicknames
|
|
|
+ - Handle full buffers without totally borking
|
|
|
+ - Add '[...truncated]' or similar to truncated log entries (like the directory
|
|
|
+ in connection_dir_process_inbuf()).
|
|
|
+
|
|
|
+ more features, easy:
|
|
|
+ - check the date in the http headers, compare for clock skew.
|
|
|
- requiredentrynode vs preferredentrynode
|
|
|
- per-month byte allowances
|
|
|
- o if using not-socks4a then warn, once.
|
|
|
- o if unverified server then warn, once.
|
|
|
- - add a listener for a ui
|
|
|
- - and a basic gui
|
|
|
- - faq and doc-wiki
|
|
|
- - knoppix distro
|
|
|
- - win32 installer using privoxy's installer
|
|
|
+ - tor-resolve needs a man page
|
|
|
+ - "AllowUnverifiedRouters" config option
|
|
|
+ - Parse it into a bitvector
|
|
|
+ - Consider it when picking nodes for your path
|
|
|
+ - have a pool of circuits available, cannibalize them
|
|
|
+ for your purposes (e.g. rendezvous, etc).
|
|
|
|
|
|
- o win32 problems with pre1
|
|
|
- o asn.1 issues?
|
|
|
+ more features, complex:
|
|
|
+ - defining an ORPort isn't necessary anymore, if you use
|
|
|
+ ORAddress:port. Same with DirPort, SocksPort.
|
|
|
+ - compress the directory. client sends http header
|
|
|
+ "accept-transfer-encoding: gzip", server might send http header
|
|
|
+ "transfer-encoding: gzip". ta-da.
|
|
|
+ - grow a zlib dependency. keep a cached compressed directory.
|
|
|
- Switch dirservers entries to config lines:
|
|
|
- read in and parse each TrustedDir config line.
|
|
|
- stop reading dirservers file.
|
|
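Review bot: The removed open item "Don't accept ORs with nicknames same as verified ORs' nicknames." has no replacement in the new list. The retained "Tors deal appropriately when a newly-verified router has the same nickname as another router they know about" describes coping with a collision after the fact, not refusing the colliding OR, so the rejection rule should be carried over or marked "X" with a reason. Separately, replacing "AcceptOnlyVerifiedRouters" with "AllowUnverifiedRouters" inverts the sense of the option; the new entry should state the default value and what each bit of "Parse it into a bitvector" stands for.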
@@ -124,17 +100,11 @@ NICK - Reputation info needs to give better weight to recent events than
|
|
|
- which means keeping track of which ones are "up"
|
|
|
- if you don't need a trusted one, choose from the routerinfo
|
|
|
list if you have one, else from the trusteddir list.
|
|
|
- - compress the directory. client sends http header
|
|
|
- "accept-transfer-encoding: gzip", server might send http header
|
|
|
- "transfer-encoding: gzip". ta-da.
|
|
|
- - grow a zlib dependency. keep a cached compressed directory.
|
|
|
- - Why is the first entry of kill -USR1 a router with a 0 key?
|
|
|
- o don't warn about being unverified if you're not in the
|
|
|
- running-routers list at all.
|
|
|
- - put expiry date on onion-key, so people don't keep trying
|
|
|
- old ones that they could know are expired?
|
|
|
- - check the date in the http headers, compare for clock skew.
|
|
|
+ - add a listener for a ui
|
|
|
+ - and a basic gui
|
|
|
|
|
|
+ blue sky:
|
|
|
+ - Possible to get autoconf to easily install things into ~/.tor?
|
|
|
|
|
|
ongoing:
|
|
|
. rename/rearrange functions for what file they're in
|
|
@@ -162,7 +132,7 @@ NICK . Windows port
|
|
|
- (need to not hardcode dirservers file in config.c)
|
|
|
. correct, update, polish spec
|
|
|
- document the exposed function api?
|
|
|
- - document what we mean by socks.
|
|
|
+ o document what we mean by socks.
|
|
|
|
|
|
NICK . packages
|
|
|
. rpm
|
|
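Review bot: The "o document what we mean by socks." line marks the item done without saying where the documentation landed. Add a pointer to the file or spec section on that line, since the parent entry "correct, update, polish spec" is still marked "." and a reader cannot tell from the list which document to check.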
@@ -174,8 +144,9 @@ NICK . packages
|
|
|
o extend socks4 to do resolves?
|
|
|
o make script to ask tor for resolves
|
|
|
- tsocks
|
|
|
- - gather patches, submit to maintainer
|
|
|
- - intercept gethostbyname and others, do resolve via tor
|
|
|
+ o gather patches, submit to maintainer
|
|
|
+ - intercept gethostbyname and others
|
|
|
+ o do resolve via tor
|
|
|
- redesign and thorough code revamp, with particular eye toward:
|
|
|
- support half-open tcp connections
|
|
|
- conn key rotation
|
|
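Review bot: Splitting the tsocks entry leaves "o do resolve via tor" marked done beneath "- intercept gethostbyname and others", which is still open, so the list does not say whether name lookups made by a tsocks-wrapped application actually go through Tor yet. Say so on the open line, for example by noting what happens to those lookups until interception lands, so nobody reads the "o" as meaning tsocks users are already covered.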
@@ -187,8 +158,6 @@ Other details and small and hard things:
|
|
|
- tor should be able to have a pool of outgoing IP addresses
|
|
|
that it is able to rotate through. (maybe)
|
|
|
- tie into squid
|
|
|
- - buffer size pool, to let a few buffers grow huge or many buffers
|
|
|
- grow a bit
|
|
|
- hidserv offerers shouldn't need to define a SocksPort
|
|
|
- when the client fails to pick an intro point for a hidserv,
|
|
|
it should refetch the hidserv desc.
|
|
@@ -196,8 +165,6 @@ Other details and small and hard things:
|
|
|
e.g. clock skew.
|
|
|
- should retry exitpolicy end streams even if the end cell didn't
|
|
|
resolve the address for you
|
|
|
- - Add '[...truncated]' or similar to truncated log entries (like the directory
|
|
|
- in connection_dir_process_inbuf()).
|
|
|
. Make logs handle it better when writing to them fails.
|
|
|
o Dirserver shouldn't put you in running-routers list if you haven't
|
|
|
uploaded a descriptor recently
|
|
@@ -207,7 +174,6 @@ Other details and small and hard things:
|
|
|
. Scrubbing proxies
|
|
|
- Find an smtp proxy?
|
|
|
. Get socks4a support into Mozilla
|
|
|
- - Extend by hostname, not by IP.
|
|
|
- Need a relay teardown cell, separate from one-way ends.
|
|
|
- Make it harder to circumvent bandwidth caps: look at number of bytes
|
|
|
sent across sockets, not number sent inside TLS stream.
|
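Review bot: "Extend by hostname, not by IP." is deleted outright rather than marked with the "X Abandoned" status from the file's legend, so the decision and its reason are lost. The first hunk shows "extend cells need ip:port:identitykeyhash." as a completed item; if that design is why this entry is dropped, keep the line as "X" with a short note saying so.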