Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 5fc0bcf303
Branches Tags
tor
/
TODO

TODO 6.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132 
  1. 

  2. Obvious things I'd like to do that won't break anything:
    3. 

  3. 

  4. * Abstract out crypto calls, with the eventual goal of moving
    5. 

  5.   from openssl to something with a more flexible license.
    6. 

  6. 

  7. * Test suite. We need one.
    8. 

  8. 

  9. * Switch the "return -1" cases that really mean "you've got a bug"
    10. 

  10.   into calls to assert().
    11. 

  11. 

  12. * Since my OR can handle multiple circuits through a given OP,
    13. 

  13.   I think it's clear that the OP should pass new create cells through the
    14. 

  14.   same channel. Thus we can take advantage of the padding we're already
    15. 

  15.   getting. Does that mean the choose_onion functions should be changed
    16. 

  16.   to always pick a favorite OR first, so the OP can minimize the number
    17. 

  17.   of outgoing connections it must sustain?
    18. 

  18. 

  19. * Rewrite the OP to be non-blocking single-process.
    20. 

  20. 

  21. * Add autoconf support.
    22. 

  22.   Figure out what .h files we're actually using, and how portable
    23. 

  23.   those are.
    24. 

  24. 

  25. * Since we're using a stream cipher, an adversary's cell arriving with the
    26. 

  26.   same aci will forever trash our circuit. Since each side picks half
    27. 

  27.   the aci, for each cell the adversary has a 1/256 chance of trashing a
    28. 

  28.   circuit. This is really nasty. We want to make ACIs something reasonably
    29. 

  29.   hard to collide with, such as 20 bytes.
    30. 

  30. 

  31.   While we're at it, I'd like more than 4 bits for Version. :)
    32. 

  32. 

  33. * Exit policies. Since we don't really know what protocol is being spoken,
    34. 

  34.   it really comes down to an IP range and port range that we
    35. 

  35.   allow/disallow. The 'application' connection can evaluate it and make
    36. 

  36.   a decision.
    37. 

  37. 

  38. * We currently block on gethostbyname in OR. This is poor. The complex
    39. 

  39.   solution is to have a separate process that we talk to. There are some
    40. 

  40.   free software versions we can use, but they'll still be tricky. The
    41. 

  41.   better answer is to realize that the OP can do the resolution and
    42. 

  42.   simply hand the OR an IP directly.
    43. 

  43.   A) This prevents us from doing sneaky things like having the name resolve
    44. 

  44.      differently at the OR than at the OP. I'm ok with that.
    45. 

  45.   B) It actually just shunts the "dns lookups block" problem back onto the
    46. 

  46.      OP. But that's ok too, because the OP doesn't have to be as robust.
    47. 

  47.      (Heck, can we have the application proxy resolve it, even?)
    48. 

  48. 

  49. * I'd like a cleaner interface for the configuration files, keys, etc.
    50. 

  50.   Perhaps the next step is a central repository where we download router
    51. 

  51.   lists? Something that takes the human more out of the loop.
    52. 

  52. 

  53.   We should look into a 'topology communication protocol'; there's one
    54. 

  54.   mentioned in the spec that Paul has, but I haven't looked at it to
    55. 

  55.   know how complete it is or how well it would work. This would also
    56. 

  56.   allow us to add new ORs on the fly. Directory servers, a la the ones
    57. 

  57.   we're developing for Mixminion (see http://mixminion.net/), are also
    58. 

  58.   a very nice approach to consider.
    59. 

  59. 

  60. * Should ORs rotate their link keys periodically?
    61. 

  61. 

  62. * We probably want OAEP padding for RSA.
    63. 

  63. 

  64. * The parts of the code that say 'FIXME'
    65. 

  65. 

  66. * Clean up the number of places that get to look at prkey.
    67. 

  67. 

  68. * Circuits should expire sometime, say, when circuit->expire triggers?
    69. 

  69. 

  70. 

  71. 

  72. 

  73. Non-obvious things I'd like to do:
    74. 

  74. 

  75. (Many of these topics are inter-related. It's clear that we need more
    76. 

  76. analysis before we can guess which approaches are good.)
    77. 

  77. 

  78. * Padding between ORs, and correct padding between OPs. The ORs currently
    79. 

  79.   send no padding cells between each other. Currently the OP seems to
    80. 

  80.   send padding at a steady rate, but data cells can come more quickly
    81. 

  81.   than that. This doesn't provide much protection at all. I'd like to
    82. 

  82.   investigate a synchronous mixing approach, where cells are sent at fixed
    83. 

  83.   intervals. We need to investigate the effects of this on DoS resistance
    84. 

  84.   -- what do we do when we have too many packets? One approach is to
    85. 

  85.   do traffic shaping rather than traffic padding -- we gain a bit more
    86. 

  86.   resistance to DoS at the expense of some anonymity. Can we compare this
    87. 

  87.   analysis to that of the Cottrell Mix, and learn something new? We'll
    88. 

  88.   need to decide on exactly how the traffic shaping algorithm works.
    89. 

  89. 

  90. * Make the connection buf's grow dynamically as needed. This won't
    91. 

  91.   really solve the fundamental problem above, though, that a buffer
    92. 

  92.   can be given an adversary-controlled number of cells.
    93. 

  93. 

  94. * I'd like to add a scheduler of some sort. Currently we only need one
    95. 

  95.   for sending out padding cells, and if these events are periodic and
    96. 

  96.   synchronized, we don't yet need a scheduler per se, but rather we just
    97. 

  97.   need to have poll return every so often and avoid sending cells onto
    98. 

  98.   the sockets except at the appointed time. We're nearly ready to do
    99. 

  99.   that as it is, with the separation of write_to_buf() and flush_buf().
    100. 

  100. 

  101.   Edge case: what do we do with circuits that receive a destroy
    102. 

  102.   cell before all data has been sent out? Currently there's only one
    103. 

  103.   (outgoing) buffer per connection, so since it's crypted, a circuit
    104. 

  104.   can't recognize its own packet once it's been queued. We could mark
    105. 

  105.   the circuits for destruction, and go through and cull them once the
    106. 

  106.   buffer is entirely flushed; but with the synchronous approach above,
    107. 

  107.   the buffer may never become empty. Perhaps I should implement a callback
    108. 

  108.   system, so a function can get called when a particular cell gets sent
    109. 

  109.   out. That sounds very flexible, but might also be overkill.
    110. 

  110. 

  111. * Currently when a connection goes down, it generates a destroy cell
    112. 

  112.   (either in both directions or just the appropriate one). When a
    113. 

  113.   destroy cell arrives to an OR (and it gets read after all previous
    114. 

  114.   cells have arrived), it delivers a destroy cell for the "other side"
    115. 

  115.   of the circuit: if the other side is an OP or APP, it closes the entire
    116. 

  116.   connection as well.
    117. 

  117. 

  118.   But by "a connection going down", I mean "I read eof from it". Yet
    119. 

  119.   reading an eof simply means that it promises not to send any more
    120. 

  120.   data. It may still be perfectly fine receiving data (read "man 2
    121. 

  121.   shutdown"). In fact, some webservers work that way -- the client sends
    122. 

  122.   his entire request, and when the webserver reads an eof it begins
    123. 

  123.   its response. We currently don't support that sort of protocol; we
    124. 

  124.   may want to switch to some sort of a two-way-destry-ripple technique
    125. 

  125.   (where a destroy makes its way all the way to the end of the circuit
    126. 

  126.   before being echoed back, and data stops flowing only when a destroy
    127. 

  127.   has been received from both sides of the circuit); this extends the
    128. 

  128.   one-hop-ack approach that Matej used.
    129. 

  129. 

  130. * Reply onions. Hrm.
    131. 

  131. 

  132.