remove some completed items from the TODO

svn:r5779

doc/TODO

@@ -37,56 +37,17 @@ for 0.1.1.x:
 N - if they're trying to be a tor server and they're running
      win 98 or win me, give them a message talking about The Bug.
 
-  o update 'exitlist' script to handle new dir format.
-  o state_description in config.c has gone stale
+R . Rename 'helper' to 'guard'.
 
-  . Helper nodes
-    . More testing and debugging
-    o If your helper nodes are unavailable, don't abandon them unless
-      other nodes *are* reachable.
-    o Make EntryNodes and StrictEntrynodes do what we want.
+N - Display the reasons in 'destroy' and 'truncated' cells under some
+    circumstances?
 
-N . Destroy and truncated cells should have reasons.
-    o Specify
-    o Implement
-    - Display the reasons under some circumstances?
-
-N . Only use a routerdesc if you recognize its hash.
-    o (Must defer till dirservers are upgraded to latest code, which
-      actually generates these hashes.)
-    . Of course, authdirservers must not do this.
-    o If we have a routerdesc for Bob, and he says, "I'm 0.1.0.x", don't
-      fetch a new one if it was published in the last 2 hours.
-      X Don't, actually. This is the authorities' job to straighten out.
-    o Do not ask for any routers until we have 2 networkstatuses.
+N . Directory changes
     . Client side:
-      o Keep a record of which hash is most desirable for each router inside
-        local_routerstatus_t.
-        o If any hash is listed by two or more networkstatuses, the most
-          recent such hash is most desirable.
-        o Otherwise, the most recent is desirable.
-      o Once we've accepted a router, it's okay.
-      o Do not accept a router that no networkstatus lists. (This should maybe
-        get stricter.)
-      o Download by descriptor digest.
-      o Reset failure count to zero when hash changes.
-      . Test
-      - Do we want to rate-limit downloads of each identity?
-    . Mirrors and authorities:
-      o Every time we hear a new networkstatus, we want every hash it lists.
-      o Make sure that we are always willing to keep at least N routerinfos
-        per router, where N = number of authorities.
-        o Do whatever else is needed to be sure that we don't request
-          hashes that would be immediately discarded, or discard hashes
-          that would be immediately re-requested.
-      o Only fetch routerinfo from an authority that mentions is.
-        o Only ask each authority once.
-        o Retry soon after failure.
-        o We need one bit per routerstatus for "should we download from
-          this guy."
-      - Verify that we are actually storing retained old descriptors to our
-        cache.
-      - Test.
+      - Do we want to rate-limit downloads of each identity, or do something
+        else to download even less?
+      - Do we want to refrain from downloading non-running or non-verified
+        descriptors? This is potentially dangerous.
     - Non-directories don't need to keep descriptors in memory.
 
 R - Christian Grothoff's attack of infinite-length circuit.
@@ -110,7 +71,6 @@ R - clients prefer to avoid exit nodes for non-exit path positions.
 
   - the tor client can do the "automatic proxy config url" thing?
 
-
 Deferred from 0.1.1.x:
 
   - Automatically determine what ports are reachable and start using
@@ -121,7 +81,6 @@ N - Should router info have a pointer to routerstatus?
     - We should at least do something about the duplicated fields.
 
 N . Additional controller features
-      o Find a way to make event info more extensible
       - change circuit status events to give more details, like purpose,
         whether they're internal, when they become dirty, when they become
         too dirty for further circuits, etc.
@@ -153,87 +112,18 @@ N       - Specify and implement it.
 
   - cpu fixes:
     - see if we should make use of truncate to retry
-    o hardware accelerator support (configure engines.)
-    o hardware accelerator support (use instead of aes.c when reasonable)
-      - Benchmark this somehow to see whether using EVP_foo is slower in the
-        non-engine case than AES_foo.  If so, check for AES engine and fall
-        back to AES_foo when it's not found.
 R   - kill dns workers more slowly
 
   . Directory changes
-    o recommended-versions for client / server ?
     . Some back-out mechanism for auto-approval
-      o dirservers have blacklist of IPs and keys they hate
       - a way of rolling back approvals to before a timestamp
         - Consider minion-like fingerprint file/log combination.
 
-    - Decentralization
-      o Dirservers publish compressed network-status objects.
-        o Support retrieving several-at-once
-      o Everyone downloads network-status objects
-        o Clients: from all directories, round-robin
-          o Basic implementation: disable until 0.1.1.x is out.
-          o On failure, mark trusted_dir_server as having failed
-          o Retry, up to a point.
-          X Launch retry immediately on failure.
-        o Parse them
-        o Cache them, reload on restart
-        o Serve cached directories
-      o Directories expose individual descriptors
-        X By 'if-newer-than' (Does the spec require this??)
-        o Support compression.
-      o Alice acts on network-status objects
-        o Alice downloads descriptors as needed.
-          o Figure out what's needed
-          o Store it
-            o Implement store
-            o Implement reload-from-store
-            o Store downloaded descriptors
-          o Download it
-            o As-needed if we have 2 network-status objs.
-            o Download "all" if we have less than 2 network-status objs.
-              (This has vulnerabilities if we're not careful)
-            o Call directory_has_arrived as needed; rename it.
-            o Set has_fetched_directory properly.
-          o Retry descriptors on failure
-          o Give up after a while.
-          - But try again after a long while (???)
-        o Check software versions according to some sane plan.
-          - Warn again after 24 hours.
-        o Alice sets descriptor status from network-status
-          o Implement
-          o Use
-      o Routerdesc download changes
-        o Refactor combined-status to be its own type.
-        o Change rule from "do not launch new connections when one exists" to
-          "do not request any fingerprint that we're currently requesting."
-        o Launch connections every minute, or whenever a download fails
-        o Retry failed routerdescs after 0, 1, 5, 10 minutes.
-          o Mirrors retry harder and more often. (0, 0, 1, 1, 2, 5, and 15)
-        o Reset failure count every 60 minutes
-        o Drop fallback to download-all.  Also, always split download.
-        o Use has_fetched_directory sanely, whatever that means.
-      o Downgrade new directory events from notice to info
-      o Call dirport_is_reachable from somewhere else.
-      o Networkstatus should list who's an authority.
-      o Add nickname element to dirserver line.  Log this along with IP:Port.
-      o Warn when using non-default directory servers.
-      o When giving up on a non-finished dir request, log how many bytes
-        dropped, to see whether it's worthwhile to use partial info.
-
     - config option to publish what ports you listen on, beyond
       ORPort/DirPort.  It should support ranges and bit prefixes (?) too.
       - Parse this.
       - Relay this in networkstatus.
 
-    X Make authorities rate-limit logging their complaints about given
-      servers?
-    o All versions of Tor should get cosmetic changes rate-limited.
-    o Pick directories from networkstatus objects, not from routerlist.
-      o But! We can't do this easily, since we want to know about platform,
-        and networkstatus doesn't tell us Tor version.  Can we solve this?
-        Should we do it by adding flags to networkstatus or what?
-
   - packaging and ui stuff:
     . multiple sample torrc files
     - uninstallers
@@ -251,11 +141,6 @@ N   - Vet all pending installer patches
     - unrecommend IE because of ftp:// bug.
     - torrc.complete.in needs attention?
 
-  o Dump "ports" from routerparse?
-
-  o Let more config options (e.g. ORPort) change dynamically.
-  o Add TTLs to DNS-related replies, and use them (when present) to adjust
-    addressmap values.
   - Bind to random port when making outgoing connections to Tor servers,
     to reduce remote sniping attacks.
   - Have new people be in limbo and need to demonstrate usefulness
@@ -283,18 +168,11 @@ N   - Vet all pending installer patches
       - Make it harder to circumvent bandwidth caps: look at number of bytes
         sent across sockets, not number sent inside TLS stream.
 
-  o Research memory use on Linux: what's happening?
-    X Is it threading?  (Maybe, maybe not)
-    X Is it the buf_shrink bug? (Quite possibly)
-    o Instrument the 0.1.1 code to figure out where our memory is going;
-      apply the results. (all platforms?)
-
   - Make router_is_general_exit() a bit smarter once we're sure what it's for.
 
   - Directory "helper".
 
   - rewrite how libevent does select() on win32 so it's not so very slow.
-  o enclaves (at least preliminary)
   - Write limiting; separate token bucket for write
   - Audit everything to make sure rend and intro points are just as likely to
     be us as not.
@@ -335,8 +213,6 @@ Blue-sky:
   - Implement Morphmix, so we can compare its behavior, complexity, etc.
   - Other transport. HTTP, udp, rdp, airhook, etc. May have to do our own
     link crypto, unless we can bully openssl into it.
-  o Conn key rotation (we switch to a new one after a week, but
-    old circuits don't get any benefit from this).
   - Need a relay teardown cell, separate from one-way ends.
     (Pending a user who needs this)
   - Handle half-open connections: right now we don't support all TCP