098-todo.txt 3.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
  1. Filename: 098-todo.txt
  2. Title: Proposals that should be written
  3. Version: $Revision$
  4. Last-Modified: $Date$
  5. Author: Nick Mathewson, Roger Dingledine
  6. Created: 26-Jan-2007
  7. Status: Meta
  8. Overview:
  9. This document lists ideas that various people have had for improving the
  10. Tor protocol. These should be implemented and specified if they're
  11. trivial, or written up as proposals if they're not.
  12. This is an active document, to be edited as proposals are written and as
  13. we come up with new ideas for proposals. We should take stuff out as it
  14. seems irrelevant.
  15. For protocol version 2:
  16. - Fix onionskin handshake scheme to be more mainstream, less nutty.
  17. Can we just do
  18. E(HMAC(g^x), g^x) rather than just E(g^x) ?
  19. No, that has the same flaws as before. We should send
  20. E(g^x, C) with random C and expect g^y, HMAC_C(K=g^xy).
  21. Better ask Ian; probably Stephen too.
  22. - Versioned CREATE and friends
  23. - Length on CREATE and friends
  24. - Versioning on circuits
  25. - Versioning on create cells
  26. - SHA1 is showing its age
  27. - Not being able to upgrade ciphersuites or increase key lengths is
  28. lame.
  29. - Paul has some ideas about circuit creation; read his PET paper once it's
  30. out.
  31. - Allow more TLS ciphersuites.
  32. Any time:
  33. - Some ideas for revising the directory protocol:
  34. - Should we also look into a "delta since last network-status
  35. checkpoint" scheme, to reduce overhead further?
  36. - Extend the "r" line in network-status to give a set of buckets (say,
  37. comma-separated) for that router.
  38. - Buckets are deterministic based on IP address.
  39. - Then clients can choose a bucket (or set of buckets) to
  40. download and use.
  41. - We need a way for the authorities to declare that nodes are in a
  42. family. Also, it kinda sucks that family declarations use O(N^2) space
  43. in the descriptors.
  44. - REASON_CONNECTFAILED should include an IP.
  45. - Spec should incorporate some prose from tor-design to be more readable.
  46. - Spec when we should rotate which keys
  47. - Spec how to publish descriptors less often
  48. - Describe pros and cons of non-deterministic path lengths
  49. - get rid of the Named flag, or automate it at the dir auth end,
  50. or automate it at the client end, or something.
  51. - We should use a variable-length path length by default -- 3 +/- some
  52. distribution. Need to think harder about allowing values less than 3,
  53. and there's a tradeoff between having a wide variance and performance.
  54. Things that should change...
  55. B.1. ... but which will require backward-incompatible change
  56. - Circuit IDs should be longer.
  57. - IPv6 everywhere.
  58. - Maybe, keys should be longer.
  59. - Maybe, key-length should be adjustable. How to do this without
  60. making anonymity suck?
  61. - Drop backward compatibility.
  62. - We should use a 128-bit subgroup of our DH prime.
  63. - Handshake should use HMAC.
  64. - Multiple cell lengths.
  65. - Ability to split circuits across paths (If this is useful.)
  66. - SENDME windows should be dynamic.
  67. - Directory
  68. - Stop ever mentioning socks ports
  69. B.1. ... and that will require no changes
  70. - Mention multiple addr/port combos
  71. - Advertised outbound IP?
  72. - Migrate streams across circuits.
  73. B.2. ... and that we have no idea how to do.
  74. - UDP (as transport)
  75. - UDP (as content)
  76. - Use a better AES mode that has built-in integrity checking,
  77. doesn't grow with the number of hops, is not patented, and
  78. is implemented and maintained by smart people.
  79. Let onion keys be not just RSA but maybe DH too, for Paul's reply onion
  80. design.