TODO.external 6.5 KB

$Id$
Legend:
SPEC!! - Not specified
SPEC - Spec not finalized
N - nick claims
R - arma claims
P - phobos claims
S - Steven claims
E - Matt claims
M - Mike claims
J - Jeff claims
I - ioerror claims
W - weasel claims
K - Karsten claims
C - coderman claims
- Not done
* Top priority
. Partially done
o Done
d Deferrable
D Deferred
X Abandoned
=======================================================================
External constraints:
Past due:
N - Refine proposal 158, and implement.
For June/July:
NR - Work more on Paul's NRL research problem.
For March 22:
I * Email auto-responder
* How do we better support users with limited email
bandwidth? Multi-part download? Teach them how to reconnect
their gmail? Does downloading your gmail work when your network
keeps dying?
K - Metrics.
- With Mike's help, use Torflow to start doing monthly rudimentary
performance evaluations:
- Circuit throughput and latency
- Measure via Broadband and dialup
- Publish a report addressing key long-term metrics questions:
- What metrics should we present?
- What data are available for these metrics?
- What data are missing, and can we collect them safely? Can we
publish them safely?
- What systems are available to present this data?
E - Vidalia improvements
- Put out a Vidalia release with the new features in it.
- Vidalia displays by-country user summary for bridge operators
? - write a help page for vidalia, "what is this"
M - Torbutton development
- Put out a Torbutton release with the new features in it.
C - Transparent interception of connections on Windows
- Write a summary (with links) of current progress and current
limitations.
S - Continue analyzing "traces" left on host machine by use of
Tor Browser, especially once we have our new launcher and have moved
to FF3. Write a summary of current progress, and what remains. Try
to solve some of the low-hanging fruit.
I d Get a relay operator mailing list going, with a plan and supporting
scripts and so on.
For mid August:
Section 0, items that didn't make it into the original roadmap:
0.1, installers and packaging
C . i18n for the msi bundle files
P . more consistent TBB builds
IC- get a buildbot up again. Have Linux and BSD build machines.
(Windows would be nice but realistically will come later.)
E - Get Tor to work properly on the iPhone.
3.1.1, performance work.
XXX
4.1, IOCP / libevent / windows / tor
N - get it working for nick
N - put out a release so other people can start testing it.
N - both the libevent buffer abstraction, and the
tor-uses-libevent-buffer-abstraction. Unless we think that's
unreachable for this milestone?
4.2.1, risks from becoming a relay
S - Have a clear plan for how users who become relays will be safe,
and be confident that we can build this plan.
- evaluate all the various attacks that are made possible by relaying.
specifically, see "relaying-traffic attacks" in 6.6.
- identify and evaluate ways to make them not a big deal
- setting a low RelayBandwidth
- Nick Hopper's FC08 paper suggesting that we should do a modified
round-robin so we leak less about other circuits
- instructing clients to disable pings in their firewall, etc
- pick the promising ones, improve them so they're even better, and
spec them out so we know how to build them and how much effort is
involved in building them.
4.5, clients download less directory info
N - deploy proposal 158.
N - decide whether to do proposal 140. if so, construct an implementation
plan for how we'll do it. if not, explain why not.
5.1, Normalize TLS fingerprint
N o write a draft list of possible attacks for this section, with
estimates about difficulty of attack, difficulty of solution, etc
N - revisit the list and revise our plans as needed
NR- put up a blog post about the two contradictory conclusions: we can
discuss the theory of arms races, and our quandary, without revealing
any specific vulnerabilities. (or decide not to put up a blog post,
and explain why not.)
5.5, email autoresponder
I . maintenance and keeping it running
5.7.2, metrics
XXX.
6.2, Vidalia work
E - add breakpad support or similar for windows debugging
E o let vidalia change languages without needing a restart
E - Implement the status warning event interface started for the
phase one deliverables.
E - Work with Steve Tyree on building a Vidalia plugin API to enable
building Herdict and TBB plugins.
6.3, Node scanning
M - Steps toward automation
- Set up email list for results
- Map failure types to potential BadExit lines
M - Improve the ability of SoaT to mimic various real web browsers
- randomizing user agents and locale strings
- caching, XMLHTTPRequest, form posting, content sniffing
- Investigate ideas like running Chrome/xulrunner in parallel
M - Other protocols
- SSH, IMAPS, POPS, SMTPS
M - Add ability to geolocalize exit selection based on scanner location
- Use this to rescan dynamic urls filtered by the URL filter
6.4, Torbutton development
M - Resolve extension conflicts and other high priority bugs
M - Fix or hack around ugly firefox bugs, especially Timezone issue.
Definitely leaning towards "hack around" unless we see some
level of love from Mozilla.
M - Vidalia New Nym Integration
- Implement for Torbutton to pick up on Vidalia's NEWNYM and clear
cookies based on FoeBud's source
- Do this in such a way that we could adapt polipo to purge cache
if we were so inclined
M - Write up a summary of our options for dealing with the google
you-must-solve-a-captcha-to-search problem, and pick one as our
favorite option.
6.6, Evaluate new anonymity attacks
S - relaying-traffic attacks
- original murdoch-danezis attack
- nick hopper's latency measurement attack
- columbia bandwidth measurement attack
- christian grothoff's long-circuit attack
S - client attacks
- website fingerprinting
7.1, Tor VM Research, analysis, and prototyping
C . Get a working package out, meaning other people are testing it.
7.2, Tor Browser Bundle
I - Port to one of OS X or Linux, and start the port to the other.
I . Make it the recommended Tor download on Windows
I - Make sure it's easy to un-brand TBB in case Firefox asks us to
I - Evaluate CCC's Freedom Stick