Add Torflow+Torbutton projects to volunteer page.
Mike Perry

Mike Perry commited on 2008-03-11 08:10:26
Zeige 1 geänderte Dateien mit 122 Einfügungen und 11 Löschungen.

... ...
@@ -436,18 +436,129 @@ also requires a lot of coding.
436 436
 </li>
437 437
 
438 438
 <li>
439
-<b>TorFlow improvements</b>
440
-<br />
441
-Help Mike Perry on his <a
442
-href="https://www.torproject.org/svn/torflow/">TorFlow</a>
443
-library (<a href="https://www.torproject.org/svn/torflow/TODO">TODO</a>):
444
-it's a python library that uses the <a
445
-href="https://www.torproject.org/svn/torctl/doc/howto.txt">Tor controller
446
-protocol</a> to instruct Tor to build circuits in a variety of ways,
447
-and then it measures performance and tries to detect anomalies.
448
-Help detect bad relays and automatically get that
449
-info to the directory authorities for realtime blacklisting.
439
+<b>Tor Exit Scanner Improvements</b>
440
+<br />
441
+Priority: <i>High</i>
442
+<br />
443
+Effort Level: <i>High</i>
444
+<br />
445
+Likely Mentors: <i>Mike Perry</i>
446
+
447
+<br />
448
+The Tor exit node scanner 'SoaT', part of the <a
449
+href="https://www.torproject.org/svn/torflow/">Torflow project</a>, is
450
+currently written in rather rickety perl and relies on MD5sums of
451
+entire documents in order to determine if exit nodes are modifying
452
+content. The problem with this is threefold: 1) Perl sucks at life.
453
+2) The scanner can't verify pages that are dynamic, and attackers can
454
+focus malicious content injection on only those dynamic pages. 3)
455
+Pages change after a while (or based on GeoIP) and begin generating
456
+false positives.
457
+<br />
458
+Ideally, soat.pl would be reimplemented in a sane language with a
459
+robust html parser library (since the rest of Torflow is in Python,
460
+that would be nice, but not required), and calculate signatures only for
461
+tags and content likely to be targeted by a malicious attacker (script
462
+tags, object links, images). It should also be robust in the face of
463
+changes to content outside of Tor, and ultimately even GeoIP localized
464
+content.
465
+<br />
466
+This scanner would likely be run by the directory authorities and
467
+report its results to the control port via the AuthDirBadExit config
468
+setting.
469
+<br />
470
+</li>
471
+<li>
472
+<b>Tor Node Scanner Improvements</b>
473
+<br />
474
+Priority: <i>High</i>
475
+<br />
476
+Effort Level: <i>Medium-High</i>
477
+<br />
478
+Likely Mentors: <i>Mike Perry</i>
479
+<br />
480
+Similar to the exit scanner (or perhaps even during exit scanning),
481
+statistics can be gathered about the reliability of nodes. Nodes that
482
+fail a certain percentage of their circuits should not be used for
483
+Guard status, and perhaps should have their reported bandwidth
484
+penalized by some ratio as well, or just get marked as Invalid. In
485
+addition, nodes that exhibit a very low average stream capacity but
486
+advertise a very high node bandwidth can also be marked as Invalid.
487
+Much of this statistics gathering is already done, it just needs to be
488
+transformed into something that can be reported to the Directory
489
+Authorities to blacklist/penalize nodes in such a way that clients
490
+will listen.
491
+<br />
492
+In addition, these same statistics can be gathered about the traffic
493
+through a node. Events can be added to the <a
494
+href="https://www.torproject.org/svn/torctl/doc/howto.txt">Tor Control
495
+Protocol</a> to
496
+report if a circuit extend through the node succeeds or fails, and
497
+passive statistics can be gathered on both bandwidth and reliability
498
+of other nodes via a node-based monitor using these events. Such a
499
+scanner which would also report information on oddly-behaving nodes to
500
+the Directory Authorities, but a communication channel for this
501
+currently does not exist and would need to be developed as well.
502
+</li>
503
+<li>
504
+<b>Tor path selection improvements</b>
505
+<br />
506
+Priority: <i>High</i>
507
+<br />
508
+Effort Level: <i>Low-Medium</i>
509
+<br />
510
+Likely Mentors: <i>Mike Perry</i>
511
+<br />
512
+Some simple improvements can be made to Tor's path selection to vastly
513
+improve Tor speed. For instance, some of the (unofficial) <a
514
+href="http://wiki.noreply.org/noreply/TheOnionRouter/FireFoxTorPerf">Tor
515
+Performance Recommendations</a> on the wiki are to increase the number of
516
+guards and decrease the CircuitBuildTimeout. Ideally, the client would
517
+learn these values by gathering statistics on circuit construction
518
+time (and/or using values gained from Torflow), and set the timeouts
519
+low enough such that some high percentile (75%, 90%, 1-stddev?) of
520
+circuits succeed, yet extremely slow nodes are avoided. This would
521
+involve some statistics gathering+basic research, and some changes to 
522
+Tor path selection code.
523
+<br />
524
+
525
+In addition, to improve path security, some elements from the <a
526
+href="http://www.torproject.org/svn/trunk/doc/spec/proposals/115-two-hop-paths.txt">Two
527
+Hop Paths proposal</a> could be done as part of this (since it will
528
+likely touch the same code anyways), regardless of the adoption of
529
+thatproposal. In particular, clients probably should avoid guards thatseem to
530
+fail an excessive percentage of their circuits through them, and non-bridged
531
+clients should issue a warn if they are only able toconnect to a limited set
532
+of guard nodes.
533
+
534
+</li>
535
+<li>
536
+<b>Torbutton improvements</b>
537
+<br />
538
+Priority: <i>Low</i>
539
+<br />
540
+Effort Level: <i>Medium-High</i>
541
+<br />
542
+Likely Mentors: <i>Mike Perry</i>
543
+<br/>
544
+
545
+Torbutton has a number of improvements that can be made in the post-1.2
546
+timeframe. Most of these are documented as feature requests in the <a
547
+href="https://bugs.torproject.org/flyspray/index.php?tasks=all&project=5">Torbutton
548
+flyspray section</a>. Good examples include: stripping off node.exit on http
549
+headers, more fine-grained control over formfill blocking, improved referrer
550
+spoofing based on the domain of the site (a-la refspoof extension), tighter
551
+integration with Vidalia for reporting Tor status, a New Identity button with
552
+Tor integration and multiple identity management, and anything else you might
553
+think of. 
450 554
 
555
+<br />
556
+
557
+This work would be independent coding in Javascript and the fun world of <a
558
+href="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">XUL</a>,
559
+with not too much involvement in the Tor internals.
560
+
561
+</li>
451 562
 <li>
452 563
 <b>Help track the overall Tor Network status</b>
453 564
 Torstatus. Set up an automated system for tracking network health
454 565