				@@ -70,3 +70,113 @@ S   - Continue analyzing "traces" left on host machine by use of 
				 I   d Get a relay operator mailing list going, with a plan and supporting 
				       scripts and so on. 
				  
				+For mid August: 
				+ 
				+Section 0, items that didn't make it into the original roadmap: 
				+ 
				+0.1, installers and packaging 
				+C - i18n for the msi bundle files 
				+P - more consistent TBB builds 
				+IC- get a buildbot up again. Have Linux and BSD build machines. 
				+    (Windows would be nice but realistically will come later.) 
				+E - Get Tor to work properly on the iPhone. 
				+ 
				+3.1.1, performance work. 
				+ 
				+XXX 
				+ 
				+4.1, IOCP / libevent / windows / tor 
				+N - get it working for nick 
				+N - put out a release so other people can start testing it. 
				+N - both the libevent buffer abstraction, and the 
				+    tor-uses-libevent-buffer-abstraction. Unless we think that's 
				+    unreachable for this milestone? 
				+ 
				+4.2.1, risks from becoming a relay 
				+S - Have a clear plan for how users who become relays will be safe, 
				+    and be confident that we can build this plan. 
				+    - evaluate all the various attacks that are made possible by relaying. 
				+      specifically, see "relaying-traffic attacks" in 6.6. 
				+    - identify and evaluate ways to make them not a big deal 
				+      - setting a low RelayBandwidth 
				+      - Nick Hopper's FC08 paper suggesting that we should do a modified 
				+        round-robin so we leak less about other circuits 
				+      - instructing clients to disable pings in their firewall, etc 
				+    - pick the promising ones, improve them so they're even better, and 
				+      spec them out so we know how to build them and how much effort is 
				+      involved in building them. 
				+ 
				+4.5, clients download less directory info 
				+N - deploy proposal 158. 
				+N - decide whether to do proposal 140. if so, construct an implementation 
				+    plan for how we'll do it. if not, explain why not. 
				+ 
				+5.1, Normalize TLS fingerprint 
				+N - write a draft list of possible attacks for this section, with 
				+    estimates about difficulty of attack, difficulty of solution, etc 
				+N - revisit the list and revise our plans as needed 
				+NR- put up a blog post about the two contradictory conclusions: we can 
				+    discuss the theory of arms races, and our quandry, without revealing 
				+    any specific vulnerabilities. (or decide not to put up a blog post, 
				+    and explain why not.) 
				+ 
				+5.5, email autoresponder 
				+I - maintenance and keeping it running 
				+ 
				+5.7.2, metrics 
				+ 
				+XXX. 
				+ 
				+6.2, Vidalia work 
				+E - add breakpad support or similar for windows debugging 
				+E - let vidalia change languages without needing a restart 
				+E - Implement the status warning event interface started for the 
				+    phase one deliverables. 
				+E - Work with Steve Tyree on building a Vidalia plugin API to enable 
				+    building Herdict and TBB plugins. 
				+ 
				+6.3, Node scanning 
				+M - Steps toward automation 
				+    - Set up email list for results 
				+    - Map failure types to potential BadExit lines 
				+M - Improve the ability of SoaT to mimic various real web browsers 
				+    - randomizing user agents and locale strings 
				+    - caching, XMLHTTPRequest, form posting, content sniffing 
				+    - Investigate ideas like running Chrome/xulrunner in parallel 
				+M - Other protocols 
				+    - SSH, IMAPS, POPS, SMTPS 
				+M - Add ability to geolocalize exit selection based on scanner location 
				+    - Use this to rescan dynamic urls filtered by the URL filter 
				+ 
				+6.4, Torbutton development 
				+M - Resolve extension conflicts and other high priority bugs 
				+M - Fix or hack around ugly firefox bugs, especially Timezone issue. 
				+    Definitely leaning towards "hack around" unless we see some 
				+    level of love from Mozilla. 
				+M - Vidalia New Nym Integration 
				+    - Implement for Torbutton to pick up on Vidalia's NEWNYM and clear 
				+      cookies based on FoeBud's source 
				+    - Do this in such a way that we could adapt polipo to purge cache 
				+      if we were so inclined 
				+M - Write up a summary of our options for dealing with the google 
				+    you-must-solve-a-captcha-to-search problem, and pick one as our 
				+    favorite option. 
				+ 
				+6.6, Evaluate new anonymity attacks 
				+S - relaying-traffic attacks 
				+    - original murdoch-danezis attack 
				+    - nick hopper's latency measurement attack 
				+    - columbia bandwidth measurement attack 
				+    - christian grothoff's long-circuit attack 
				+S - client attacks 
				+    - website fingerprinting 
				+ 
				+7.1, Tor VM Research, analysis, and prototyping 
				+C - Get a working package out, meaning other people are testing it. 
				+ 
				+7.2, Tor Browser Bundle 
				+I - Port to one of OS X or Linux, and start the port to the other. 
				+I - Make it the recommended Tor download on Windows 
				+I - Make sure it's easy to un-brand TBB in case Firefox asks us to 
				+I - Evaluate CCC's Freedom Stick 
				+ 
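Review bot: Sections 3.1.1 (performance work) and 5.7.2 (metrics) contain only "XXX" / "XXX." placeholders, so the mid-August milestone commits to nothing for either area; fill in the items with owner codes, or state explicitly that they are deferred. In 4.1, the third "N -" item ends in an open question ("Unless we think that's unreachable for this milestone?"); a roadmap entry should record the decision rather than the question. In 4.2.1 the mitigation candidates are listed without any note on which attack from 6.6 each one is meant to address, which will make the "pick the promising ones" step hard to evaluate; a cross-reference per bullet would help. Minor: "quandry" in the 5.1 "NR-" item should be "quandary", and the two-letter owner codes ("IC-", "NR-") drop the space before the dash that the single-letter codes use, which breaks column alignment.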