@@ -2,64 +2,77 @@ Changes in version 0.3.2.1-alpha - 2017-09-18
Tor 0.3.2.1-alpha is the first release in the 0.3.2.x series. It
includes support for our next-generation ("v3") onion service
protocol, and adds a new circuit scheduler for more responsive
- forwarding decisions from relays. There are also numerous other
+ forwarding decisions from relays. There are also numerous other small
- small features and bugfixes here.
+ features and bugfixes here.
Below are the changes since Tor 0.3.1.7.
o Major feature (scheduler, channel):
- - Introducing the KIST scheduler which stands for Kernel Informed
+ - Clients and relays now use new schedulers to decide which circuits
- Socket Transport. It is only available on Linux systems. This
+ should deliver cells first. The first type is called "KIST"
- comes from a researched and published paper you can find
+ ("Kernel Informed Socket Transport"), and is only available on
- here: http://www.robgjansen.com/publications/kist-sec2014.pdf
+ Linux-like systems: it uses feedback from the kernel to prevent
- https://arxiv.org/abs/1709.01044 This is also a major refactoring
+ the kernel's TCP buffers from growing too full. The second new
- of the entire scheduler subsystem in order for it to be more
+ scheduler type is called "KISTLite": it behaves the same as KIST,
- modular and thus much more easier to add more scheduler type
+ but runs on systems without kernel support for inspecting TCP
- later. The current scheduler has been named "Vanilla" but we favor
+ implementation details. The old scheduler is still available,
- KIST if available in this version. A new torrc option has been
+ under the name "Vanilla". To change the default scheduler
- added and named "Schedulers type1,type2,..." which allows a user
+ preference order, use the new "Schedulers" option. (The default
- to select which scheduler type it wants tor to use. It is also
+ preference order is "KIST,KISTLite,Vanilla".)
- possible to change it at runtime. It is an ordered list by
+
- priority. KIST might not be available on all platforms so there is
+ Matt Traudt implemented KIST, based on research by Rob Jansen,
- a fallback to "KISTLite" that uses the same mechanisms but without
+ John Geddes, Christ Wacek, Micah Sherr, and Paul Syverson. For
- the kernel support. The current default values are: Schedulers
+ more information, see the design paper at
- KIST,KISTLite,Vanilla. Closes ticket 12541.
+ http://www.robgjansen.com/publications/kist-sec2014.pdf and the
+ followup implementation paper at https://arxiv.org/abs/1709.01044.
+ Closes ticket 12541.
o Major features (next-generation onion services):
- Tor now supports the next-generation onion services protocol for
clients and services! As part of this release, the core of
proposal 224 has been implemented and is available for
experimentation and testing by our users. This newer version of
- onion services (v3) features various improvements over the legacy
+ onion services ("v3") features many improvements over the legacy
- system: a) Better crypto (replaced SHA1/DH/RSA1024 with
+ system, including:
- SHA3/ed25519/curve25519) b) Improved directory protocol leaking
+
- less to directory servers. c) Improved directory protocol with
+ a) Better crypto (replaced SHA1/DH/RSA1024
- smaller surface for targeted attacks. d) Better onion address
+ with SHA3/ed25519/curve25519)
- security against impersonation. e) More extensible
+
- introduction/rendezvous protocol. f) A cleaner and more modular
+ b) Improved directory protocol, leaking much less information to
- codebase. Furthermore, as part of this update, onion addresses
+ directory servers.
- increase in length and are now 56 characters long:
+
- 4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion In
+ c) Improved directory protocol, with smaller surface for
- the future, we will be releasing more options and features but we
+ targeted attacks.
- first need a testing period, so that the current codebase matures
+
- and becomes more robust. Here are some of the features we have
+ d) Better onion address security against impersonation.
- planned: 1) Offline keys for onion services 2) Advanced client
+
- authorization for onion services 3) Improved guard algorithm for
+ e) More extensible introduction/rendezvous protocol.
- onion services 4) Next-gen onion service statistics Please see our
+
- proposal for more details:
+ f) A cleaner and more modular codebase.
- https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt
+
- The default version for onion services remains v2 (the legacy
+ You can identify a next-generation onion address by its length:
- system) until this new codebase gets tested and hardened. Service
+ they are56 characters long, as in
- operators who want to experiment with the new system can use the
+ "4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion".
- 'HiddenServiceVersion 3' torrc directive along with the regular
+
- onion service configuration options. We will publish a blog post
+ In the future, we will release more options and features for v3
- about this new feature soon! Enjoy!
+ onion services, but we first need a testing period, so that the
+ current codebase matures and becomes more robust. Planned features
+ include: offline keys, advanced client authorization, improved
+ guard algorithms, and statistics. For full details, see
+ proposal 224.
+
+ Legacy ("v2") onion services will still work for the forseeable
+ future, and will remain the default until this new codebase gets
+ tested and hardened. Service operators who want to experiment with
+ the new system can use the 'HiddenServiceVersion 3' torrc
+ directive along with the regular onion service configuration
+ options. We will publish a blog post about this new feature
+ soon! Enjoy!
o Major bugfixes (usability, control port):
- Report trusted clock skew indications as bootstrap errors, so
controllers can more easily alert users when their clocks are
- wrong. Fixes bug 23506; bugfix
+ wrong. Fixes bug 23506; bugfix on 0.1.2.6-alpha.
- on 0.1.2.6-alpha.
o Minor features (bug detection):
- Log a warning message, with stack trace, for any attempt to call
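Review bot: Two typos in the added onion-service lines need fixing before this ChangeLog entry ships: "they are56 characters long" is missing a space ("they are 56 characters long"), and "forseeable future" should be "foreseeable future". The KIST credit line reads "Christ Wacek", which should presumably be "Chris Wacek"; please check it against the author list of the cited paper. Separately, the rewritten scheduler entry drops a detail the removed lines carried, namely that the scheduler selection can be changed at runtime; consider keeping a sentence such as "The Schedulers option can also be changed at runtime." after the default-order sentence, since relay operators reading the ChangeLog will want to know that switching schedulers does not require a restart.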