Roger Dingledine commited on 2005-09-22 04:37:39
Zeige 1 geänderte Dateien mit 0 Einfügungen und 131 Löschungen.
... | ... |
@@ -254,134 +254,3 @@ Drop by the #tor IRC channel at irc.oftc.net or email tor-volunteer@freehaven.ne |
254 | 254 |
</body> |
255 | 255 |
</html> |
256 | 256 |
|
257 |
-<li>Have NULL_REP_IS_ZERO_BYTES default to 1.</li> |
|
258 |
-<li>Implement preservation of reputation through reboots for clients |
|
259 |
-and dirservers.</li> |
|
260 |
-<li>Add in support egd or other non-OS-integrated strong entropy sources.</li> |
|
261 |
-<li>Implement a way to get autoconf to install things into ~/.tor.</li> |
|
262 |
-<li>Change server descriptors to declare log level.</li> |
|
263 |
-<li>Add in support for clients to avoid servers that are too loggy based upon user configuration of acceptable log level.</li> |
|
264 |
-<li>Separate node discovery from routing to allow neat extensions. [Goodell?] |
|
265 |
- |
|
266 |
-<ul> |
|
267 |
-<li>Add SetServerStatus control event to adjust verified/running status of nodes.</li> |
|
268 |
-<li>Add NoDownload config option to prevent regular directory downloads from happening.</li> |
|
269 |
-</ul> |
|
270 |
-</li> |
|
271 |
- |
|
272 |
-<li>Use cpuworker for more heavy lifting.</li> |
|
273 |
-<ul> |
|
274 |
-<li>Signing (and verifying) hidserv descriptors</li> |
|
275 |
-<li>Signing (and verifying) intro/rend requests</li> |
|
276 |
-<li>Signing (and verifying) router descriptors</li> |
|
277 |
-<li>Signing (and verifying) directories</li> |
|
278 |
-<li>Doing TLS handshake (this is very hard to separate out, though)</li> |
|
279 |
-</ul> |
|
280 |
- |
|
281 |
-<li>Buffer size pool: allocate a maximum size for all buffers, not a maximum size for each buffer. So we don't have to give up as quickly (and kill the thickpipe!) when there's congestion.</li> |
|
282 |
-<li>Add alternative versions of crypto.c and tortls.c to use libnss or libgcrypt+gnutls.</li> |
|
283 |
- |
|
284 |
-Translation Examples: <a |
|
285 |
-href="http://membres.lycos.fr/geolemalin/anonymat_garantit.htm">French</a>, |
|
286 |
-<a href="http://tor.freesuperhost.com/">Persian</a>, and <a |
|
287 |
-href="http://www.gamevn.com/forum/showthread.php?t=103346">Vietnamese</a>.)</li> |
|
288 |
-<li>If you know a question that should go on <a |
|
289 |
-href="http://wiki.noreply.org/wiki/TheOnionRouter/TorFAQ">the FAQ Wiki</a>, please |
|
290 |
-add it and answer it.</li> |
|
291 |
-<li>Document how to do exit node caching: tie into squid or other caching |
|
292 |
-web proxy.</li> |
|
293 |
-<li>Take a look at <a |
|
294 |
-href="http://wiki.noreply.org/wiki/TheOnionRouter/SquidProxy">Martin's |
|
295 |
-Squid and Tor page</a>, and update it to reflect Tor's <a |
|
296 |
-href="http://tor.eff.org/tor-manual.html">RedirectExit</a> config option. </li> |
|
297 |
-<li>Improve and clarify the wiki entry on <a href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ServerForFirewalledClients">port forwarding</a>.</li> |
|
298 |
-</ul> |
|
299 |
- |
|
300 |
-<h2>Testing Challenges</h2> |
|
301 |
-<ul> |
|
302 |
-<li>Test out why some of our tor servers have dns resolvers that resolve |
|
303 |
-unknown addresses to 127.0.0.1. |
|
304 |
- |
|
305 |
-<ul> |
|
306 |
-<li>Identify the servers that experience this issue. </li> |
|
307 |
-<li>Identify how to cause and repair the issue in BIND, DJBDNS, or |
|
308 |
-whatever daemon the misconfigured servers use.</li> |
|
309 |
-</ul></li> |
|
310 |
- |
|
311 |
-<li>Figure out how to setup web proxy gateways to let normal people |
|
312 |
-browse hidden services. (This has been done a few times, but nobody has |
|
313 |
-sent us code.)</li> |
|
314 |
- |
|
315 |
-<h2>Misc</h2> |
|
316 |
-<ul> |
|
317 |
-<li> </li> |
|
318 |
-</ul> |
|
319 |
- |
|
320 |
- |
|
321 |
- |
|
322 |
-<h2>Research Challenges</h2> |
|
323 |
-<ul> |
|
324 |
-<li>Arranging membership management for independence. |
|
325 |
- |
|
326 |
-<ul> |
|
327 |
-<li>Sybil defenses without having a human bottleneck.</li> |
|
328 |
-<li>How to gather random sample of nodes.</li> |
|
329 |
-<li>How to handle nodelist recommendations.</li> |
|
330 |
-<li>Consider incremental switches: a p2p tor with only 50 users has |
|
331 |
-different anonymity properties than one with 10k users, and should be |
|
332 |
-treated differently.</li> |
|
333 |
-</ul></li> |
|
334 |
- |
|
335 |
-<li>Incentives to relay; incentives to exit.</li> |
|
336 |
-<li>Allowing dissidents to relay through Tor clients.</li> |
|
337 |
-<li>Experiment with mid-latency systems. How do they impact usability, |
|
338 |
- how do they impact safety?</li> |
|
339 |
-<li>Understand how powerful fingerprinting attacks are, and experiment |
|
340 |
- with ways to foil them (long-range padding?).</li> |
|
341 |
-<li>Attacking freenet-gnunet/timing-delay-randomness-arguments.</li> |
|
342 |
- |
|
343 |
-<ul> |
|
344 |
-<li>Spec issue: if a resolve returns an IP4 and an IP6 address, |
|
345 |
- which to use?</li> |
|
346 |
-<li>Add to exit policy code</li> |
|
347 |
-<li>Make tor_gethostbyname into tor_getaddrinfo</li> |
|
348 |
-<li>Make everything that uses uint32_t as an IP address change to use |
|
349 |
- a generalize address struct.</li> |
|
350 |
-<li>Change relay cell types to accept new addresses.</li> |
|
351 |
-<li>Add flag to serverdescs to tell whether IPv6 is supported.</li> |
|
352 |
-</ul></li> |
|
353 |
- |
|
354 |
-<li>make freecap (or whichever) do what we want.</li> |
|
355 |
-<li>scrubbing proxies for protocols other than http.</li> |
|
356 |
-<li>We need better default privoxy configs to ship.</li> |
|
357 |
-<li>We need a good scrubbing HTTP proxy; privoxy is unmaintained and |
|
358 |
-sucky.</li> |
|
359 |
-<li>A DNS proxy would let unmodified socks4/socks5 apps to work |
|
360 |
-well.</li> |
|
361 |
-<li>Add SOCKS support to more applications</li> |
|
362 |
-<li>store hidden service information to disk: dirservers forget service |
|
363 |
-descriptors when they restart; nodes offering hidden services forget |
|
364 |
-their chosen intro points when they restart.</li> |
|
365 |
-<li>Server CPU load is high because clients keep asking to make new |
|
366 |
-circuits, which uses public key crypto. Possible defenses include: using |
|
367 |
-helper nodes (fixed entry nodes); rate limiting the number of create |
|
368 |
-cells handled per second; having clients retry failed extensions a few |
|
369 |
-times; implementing ssl sessions; and using hardware crypto when |
|
370 |
-available.</li> |
|
371 |
-<li>We fear we might not work very well when servers have asymmetric |
|
372 |
-bandwidth. Because Tor has separate TCP connections between each hop, if |
|
373 |
-the incoming bytes are arriving just fine and the outgoing bytes are all |
|
374 |
-getting dropped on the floor, the TCP push-back mechanisms don't really |
|
375 |
-transmit this information back to the incoming streams. Perhaps Tor |
|
376 |
-should detect when it's dropping a lot of outgoing packets, and |
|
377 |
-rate-limit incoming streams to regulate this itself? We need somebody |
|
378 |
-who's good with networks to simulate this and help design |
|
379 |
-solutions.</li> |
|
380 |
-<li>Right now the hidden service descriptors are being stored on the |
|
381 |
-dirservers, but any reliable distributed storage system would do (for |
|
382 |
-example, a DHT that allows authenticated updates). Can somebody figure |
|
383 |
-out our best options and decide if they're good enough?</li> |
|
384 |
- |
|
385 |
-</ul> |
|
386 |
- |
|
387 |
- |
|
388 | 257 |