Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: a02923122e
Branches Tags
tor
/
doc
/
spec
/
proposals
/
098-todo.txt

098-todo.txt 4.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109 
  1. Filename: 098-todo.txt
    2. 

  2. Title: Proposals that should be written
    3. 

  3. Version: $Revision$
    4. 

  4. Last-Modified: $Date$
    5. 

  5. Author: Nick Mathewson, Roger Dingledine
    6. 

  6. Created: 26-Jan-2007
    7. 

  7. Status: Meta
    8. 

  8. 

  9. Overview:
    10. 

  10. 

  11.    This document lists ideas that various people have had for improving the
    12. 

  12.    Tor protocol.  These should be implemented and specified if they're
    13. 

  13.    trivial, or written up as proposals if they're not.
    14. 

  14. 

  15.    This is an active document, to be edited as proposals are written and as
    16. 

  16.    we come up with new ideas for proposals.  We should take stuff out as it
    17. 

  17.    seems irrelevant.
    18. 

  18. 

  19. 

  20. For some later protocol version.
    21. 

  21. 

  22.   - It would be great to get smarter about identity and linkability.
    23. 

  23.     It's not crazy to say, "Never use the same circuit for my SSH
    24. 

  24.     connections and my web browsing."  How far can/should we take this?
    25. 

  25.     See ideas/xxx-separate-streams-by-port.txt for a start.
    26. 

  26. 

  27.   - Fix onionskin handshake scheme to be more mainstream, less nutty.
    28. 

  28.     Can we just do
    29. 

  29.         E(HMAC(g^x), g^x) rather than just E(g^x) ?
    30. 

  30.     No, that has the same flaws as before. We should send
    31. 

  31.         E(g^x, C) with random C and expect g^y, HMAC_C(K=g^xy).
    32. 

  32.     Better ask Ian; probably Stephen too.
    33. 

  33. 

  34.   - Length on CREATE and friends
    35. 

  35. 

  36.   - Versioning on circuits and create cells, so we have a clear path
    37. 

  37.     to improve the circuit protocol.
    38. 

  38. 

  39.   - SHA1 is showing its age.  We should get a design for upgrading our
    40. 

  40.     hash once the AHS competition is done, or even sooner.
    41. 

  41. 

  42.   - Not being able to upgrade ciphersuites or increase key lengths is
    43. 

  43.     lame.
    44. 

  44.   - Paul has some ideas about circuit creation; read his PET paper once it's
    45. 

  45.     out.
    46. 

  46. 

  47. Any time:
    48. 

  48. 

  49.   - Some ideas for revising the directory protocol:
    50. 

  50.     - Extend the "r" line in network-status to give a set of buckets (say,
    51. 

  51.       comma-separated) for that router.
    52. 

  52.       - Buckets are deterministic based on IP address.
    53. 

  53.       - Then clients can choose a bucket (or set of buckets) to
    54. 

  54.         download and use.
    55. 

  55.     - We need a way for the authorities to declare that nodes are in a
    56. 

  56.       family.  Also, it kinda sucks that family declarations use O(N^2) space
    57. 

  57.       in the descriptors.
    58. 

  58.   - REASON_CONNECTFAILED should include an IP.
    59. 

  59.   - Spec should incorporate some prose from tor-design to be more readable.
    60. 

  60.   - Spec when we should rotate which keys
    61. 

  61.   - Spec how to publish descriptors less often
    62. 

  62.   - Describe pros and cons of non-deterministic path lengths
    63. 

  63. 

  64.   - We should use a variable-length path length by default -- 3 +/- some
    65. 

  65.     distribution. Need to think harder about allowing values less than 3,
    66. 

  66.     and there's a tradeoff between having a wide variance and performance.
    67. 

  67. 

  68.   - Clients currently use certs during TLS.  Is this wise?  It does make it
    69. 

  69.     easier for servers to tell which NATted client is which. We could use a
    70. 

  70.     seprate set of certs for each guard, I suppose, but generating so many
    71. 

  71.     certs could get expensive.  Omitting them entirely would make OP->OR
    72. 

  72.     easier to tell from OR->OR.
    73. 

  73. 

  74. Things that should change...
    75. 

  75. 

  76. B.1. ... but which will require backward-incompatible change
    77. 

  77. 

  78.   - Circuit IDs should be longer.
    79. 

  79.   . IPv6 everywhere.
    80. 

  80.   - Maybe, keys should be longer.
    81. 

  81.     - Maybe, key-length should be adjustable.  How to do this without
    82. 

  82.       making anonymity suck?
    83. 

  83.   - Drop backward compatibility.
    84. 

  84.   - We should use a 128-bit subgroup of our DH prime.
    85. 

  85.   - Handshake should use HMAC.
    86. 

  86.   - Multiple cell lengths.
    87. 

  87.   - Ability to split circuits across paths (If this is useful.)
    88. 

  88.   - SENDME windows should be dynamic.
    89. 

  89. 

  90.   - Directory
    91. 

  91.      - Stop ever mentioning socks ports
    92. 

  92. 

  93. B.1. ... and that will require no changes
    94. 

  94. 

  95.    - Advertised outbound IP?
    96. 

  96.    - Migrate streams across circuits.
    97. 

  97.    - Fix bug 469 by limiting the number of simultaneous connections per IP.
    98. 

  98. 

  99. B.2. ... and that we have no idea how to do.
    100. 

  100. 

  101.    - UDP (as transport)
    102. 

  102.    - UDP (as content)
    103. 

  103.    - Use a better AES mode that has built-in integrity checking,
    104. 

  104.      doesn't grow with the number of hops, is not patented, and
    105. 

  105.      is implemented and maintained by smart people.
    106. 

  106. 

  107. Let onion keys be not just RSA but maybe DH too, for Paul's reply onion
    108. 

  108. design.
    109. 

  109.