Roger Dingledine commited on 2006-05-10 05:43:26
Zeige 1 geänderte Dateien mit 74 Einfügungen und 106 Löschungen.
... | ... |
@@ -18,7 +18,7 @@ services. Get them to tell their friends.</li> |
18 | 18 |
<li>We are looking for funding and sponsors. If you like Tor's goals, please |
19 | 19 |
<a href="<page donate>">take a moment to donate to support further |
20 | 20 |
Tor development</a>. Also, if you know any |
21 |
- companies, NGOs, or other organizations that want communications |
|
21 |
+ companies, NGOs, agencies, or other organizations that want communications |
|
22 | 22 |
security, let them know about us.</li> |
23 | 23 |
</ol> |
24 | 24 |
|
... | ... |
@@ -29,42 +29,32 @@ services. Get them to tell their friends.</li> |
29 | 29 |
because we try to use hundreds of sockets, and the |
30 | 30 |
Windows kernel doesn't seem capable of handling this. <a |
31 | 31 |
href="http://wiki.noreply.org/noreply/TheOnionRouter/WindowsBufferProblems">Please |
32 |
-help us solve this!</a> It is the number one problem with growing |
|
33 |
-the Tor network currently.</li> |
|
32 |
+help us solve this!</a> Probably the best solution is to teach libevent |
|
33 |
+how to use overlapped IO rather than select() on Windows, and then adapt |
|
34 |
+Tor to the new libevent interface.</li> |
|
34 | 35 |
</ol> |
35 | 36 |
|
36 |
-<!-- |
|
37 |
-<a id="Installers"></a> |
|
38 |
-<h2><a class="anchor" href="#Installers">Installers</a></h2> |
|
39 |
-<ol> |
|
40 |
-<li>Matt Edman has written an <a |
|
41 |
-href="http://freehaven.net/~edmanm/torcp/download.html">NSIS-based |
|
42 |
-Windows installer bundle that |
|
43 |
-includes Privoxy and TorCP</a>. Can you help make it more stable and |
|
44 |
-featureful? |
|
45 |
-</li> |
|
46 |
-<li>Develop a way to handle OS X uninstallation |
|
47 |
-that is more automated than telling people to |
|
48 |
-<a href="<page docs/tor-doc-osx>#uninstall">manually remove |
|
49 |
-each file</a>. It needs to have a way to click it into action.</li> |
|
50 |
-<li>Our <a href="<cvssandbox>tor/tor.spec.in">RPM spec file</a> |
|
51 |
-needs a maintainer, so we can get back to the business of writing Tor. If |
|
52 |
-you have RPM fu, please help out.</li> |
|
53 |
-</ol> |
|
54 |
---> |
|
55 |
- |
|
56 | 37 |
<a id="Usability"></a> |
57 |
-<h2><a class="anchor" href="#Usability">Usability and Interface</a></h2> |
|
38 |
+<h2><a class="anchor" href="#Usability">Supporting Applications</a></h2> |
|
58 | 39 |
<ol> |
59 |
-<li>We need a way to intercept DNS requests so they don't "leak" while |
|
60 |
-we're trying to be anonymous. (This happens because the application does |
|
61 |
-the DNS resolve before going to the SOCKS proxy.) One option is to use |
|
62 |
-Tor's built-in support for doing DNS resolves; but you need to ask via |
|
63 |
-our new socks extension for that, and no applications do this yet. A |
|
64 |
-nicer option is to use Tor's controller interface: you intercept the |
|
65 |
-DNS resolve, tell Tor about the resolve, and Tor replies with a dummy IP |
|
66 |
-address. When the application makes a connection through Tor to that dummy |
|
67 |
-IP address, Tor automatically maps it back to the original query.</li> |
|
40 |
+<li>We need good ways to intercept DNS requests so they don't "leak" their |
|
41 |
+request to a local observer while we're trying to be anonymous. (This |
|
42 |
+happens because the application does the DNS resolve before going to |
|
43 |
+the SOCKS proxy.)</li> |
|
44 |
+<ul> |
|
45 |
+<li>We need to <a |
|
46 |
+href="http://wiki.noreply.org/noreply/TheOnionRouter/TSocksPatches">apply |
|
47 |
+all our tsocks patches</a> and maintain a new fork. We'll host it if |
|
48 |
+you want.</li> |
|
49 |
+<li>We should patch Dug Song's "dsocks" program to use Tor's |
|
50 |
+<i>mapaddress</i> commands from the controller interface, so we |
|
51 |
+don't waste a whole round-trip inside Tor doing the resolve before |
|
52 |
+connecting.</li> |
|
53 |
+<li>We need to make our <i>torify</i> script detect which of tsocks or |
|
54 |
+dsocks is installed, and call them appropriately. This probably means |
|
55 |
+unifying their interfaces, and might involve sharing code between them |
|
56 |
+or discarding one entirely.</li> |
|
57 |
+</ul> |
|
68 | 58 |
<li>People running servers tell us they want to have one BandwidthRate |
69 | 59 |
during some part of the day, and a different BandwidthRate at other parts |
70 | 60 |
of the day. Rather than coding this inside Tor, we should have a little |
... | ... |
@@ -72,52 +62,36 @@ script that speaks via the <a href="<page gui/index>">Tor Controller Interface</ |
72 | 62 |
and does a setconf to change the bandwidth rate. Perhaps it would run out |
73 | 63 |
of cron, or perhaps it would sleep until appropriate times and then do |
74 | 64 |
its tweak (that's probably more portable). Can somebody write one for us |
75 |
-and we'll put it into <a href="<cvssandbox>tor/contrib/">tor/contrib/</a>?</li> |
|
76 |
-<li>We have a variety of ways to <a |
|
65 |
+and we'll put it into <a href="<cvssandbox>tor/contrib/">tor/contrib/</a>? |
|
66 |
+This is a good entry for the <a href="<page gui/index>">Tor GUI |
|
67 |
+competition</a>.</li> |
|
68 |
+<li>Tor can <a |
|
77 | 69 |
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ChooseEntryExit">exit |
78 |
-the Tor network from a particular country</a>, but they all |
|
79 |
-require specifying the nickname of a particular Tor server. It |
|
80 |
-would be nice to be able to specify just a country, and |
|
81 |
-have something automatically pick. This requires having some |
|
82 |
-component that knows what country each Tor node is in. The <a |
|
83 |
-href="http://serifos.eecs.harvard.edu/cgi-bin/exit.pl">script on |
|
84 |
-serifos</a> manually parses whois entries for this. Maybe geolocation |
|
85 |
-data will also work?</li> |
|
70 |
+the Tor network from a particular exit node</a>, but we should be able |
|
71 |
+to specify just a country and have something automatically pick. The |
|
72 |
+best bet is to fetch Blossom's directory also, and run a local Blossom |
|
73 |
+client that fetches this directory securely (via Tor and checking its |
|
74 |
+signature), intercepts <tt>.country.blossom</tt> hostnames, and does |
|
75 |
+the right thing.</li> |
|
86 | 76 |
<li>Speaking of geolocation data, somebody should draw a map of the Earth |
87 | 77 |
with a pin-point for each Tor server. Bonus points if it updates as the |
88 |
-network grows and changes.</li> |
|
89 |
-<li>Tor provides anonymous connections, but we don't support |
|
90 |
-keeping multiple pseudonyms in practice (say, in case you |
|
91 |
-frequently go to two websites and if anybody knew about both of |
|
92 |
-them they would conclude it's you). We should find a good approach |
|
93 |
-and interface for handling pseudonymous profiles in Tor. See <a |
|
94 |
-href="http://archives.seul.org/or/talk/Dec-2004/msg00086.html">this |
|
95 |
-post</a> and <a |
|
96 |
-href="http://archives.seul.org/or/talk/Jan-2005/msg00007.html">followup</a> |
|
97 |
-for details.</li> |
|
78 |
+network grows and changes. Unfortunately, the easy ways to do this involve |
|
79 |
+sending all the data to Google and having them draw the map for you. How |
|
80 |
+much does this impact privacy, and do we have any other good options?</li> |
|
98 | 81 |
</ol> |
99 | 82 |
|
100 | 83 |
<a id="Documentation"></a> |
101 | 84 |
<h2><a class="anchor" href="#Documentation">Documentation</a></h2> |
102 | 85 |
<ol> |
103 |
-<li>Please volunteer to help maintain this website: code, content, |
|
104 |
-css, layout. Step one is to hang out on the IRC channel until we |
|
105 |
-get to know you.</li> |
|
106 |
-<li>We have too much documentation --- it's spread out too much and |
|
107 |
-duplicates itself in places. Please send us patches, pointers, and |
|
108 |
-confusions about the documentation so we can clean it up.</li> |
|
109 |
-<li>Help translate the web page and documentation into other |
|
110 |
-languages. See the <a href="<page translation>">translation |
|
111 |
-guidelines</a> if you want to help out. We also need people to help |
|
112 |
-maintain the existing Italian, French, and Swedish translations - |
|
113 |
-see the <a href="<page translation-status>">translation status |
|
114 |
-overview</a>.</li> |
|
115 |
-<li>Investigate privoxy vs. freecap vs. sockscap for win32 clients. Are |
|
116 |
-there usability or stability issues that we can track down and |
|
117 |
-resolve, or at least inform people about?</li> |
|
118 |
-<li>Can somebody help Matt Edman with the documentation and how-tos |
|
119 |
-for his <a href="http://freehaven.net/~edmanm/torcp/">Windows Tor |
|
120 |
-Controller</a>?</li> |
|
86 |
+<li>We hear that Tor users can fall victim to anonymity-breaking attacks |
|
87 |
+from javascript, java, activex, flash, etc, if they don't disable |
|
88 |
+them. Are there plugins out there (like NoScript for Firefox) that make |
|
89 |
+it easier for users to manage this risk? What is the risk exactly?</li> |
|
90 |
+<li>Is there a full suite of plugins that will replace all of Privoxy's |
|
91 |
+functionality for Firefox 1.5+? We hear Tor is much faster when you take |
|
92 |
+Privoxy out of the loop.</li> |
|
93 |
+<li>Please help Matt Edman with the documentation and how-tos for his |
|
94 |
+<a href="http://vidalia-project.net/">Tor Controller</a>.</li> |
|
121 | 95 |
<li>Evaluate and document |
122 | 96 |
<a href="http://wiki.noreply.org/wiki/TheOnionRouter/TorifyHOWTO">our |
123 | 97 |
list of programs</a> that can be configured to use Tor.</li> |
... | ... |
@@ -127,29 +101,31 @@ and freecap (Windows) seem to be good candidates.</li> |
127 | 101 |
<li>We have a huge list of <a href="http://wiki.noreply.org/noreply/TheOnionRouter/SupportPrograms">potentially useful |
128 | 102 |
programs that interface to Tor</a>. Which ones are useful in which |
129 | 103 |
situations? Please help us test them out and document your results.</li> |
104 |
+<li>Help translate the web page and documentation into other |
|
105 |
+languages. See the <a href="<page translation>">translation |
|
106 |
+guidelines</a> if you want to help out. We also need people to help |
|
107 |
+maintain the existing Italian, French, and Swedish translations - |
|
108 |
+see the <a href="<page translation-status>">translation status |
|
109 |
+overview</a>.</li> |
|
130 | 110 |
</ol> |
131 | 111 |
|
132 | 112 |
<a id="Coding"></a> |
133 | 113 |
<h2><a class="anchor" href="#Coding">Coding and Design</a></h2> |
134 | 114 |
<ol> |
135 |
-<li>We recommend Privoxy as a good scrubbing web proxy, but it's |
|
136 |
-<a href="http://wiki.noreply.org/noreply/TheOnionRouter/PrivoxyPatches">unmaintained and still has bugs</a>, especially on Windows. While we're at |
|
137 |
-it, what sensitive information is not kept safe by Privoxy? Are there |
|
138 |
-other scrubbing web proxies that are more secure?</li> |
|
139 |
-<li>tsocks appears to be unmaintained: we have collected <a |
|
140 |
-href="http://wiki.noreply.org/noreply/TheOnionRouter/TSocksPatches">several |
|
141 |
-patches</a> that need to be applied. Can somebody help us push these |
|
142 |
-upstream, and if that fails volunteer to start maintaining a new tsocks |
|
143 |
-branch? We'll help.</li> |
|
144 |
-<li>Right now the hidden service descriptors are being stored on just a few |
|
145 |
-directory servers. This is bad for privacy and bad for robustness. To get |
|
146 |
-more robustness, we're going to need to make hidden service descriptors |
|
147 |
-even less private because we're going to have to mirror them onto many |
|
148 |
-places. Ideally we'd like to separate the storage/lookup system from the |
|
149 |
-Tor directory servers entirely. Any reliable distributed storage system |
|
150 |
-will do, as long as it allows authenticated updates. As far as we know, |
|
151 |
-no implemented DHT code supports authenticated updates. What's the right |
|
152 |
-next step?</li> |
|
115 |
+<li>Right now the hidden service descriptors are being stored on just a |
|
116 |
+few directory servers. This is bad for privacy and bad for robustness. To |
|
117 |
+get more robustness, we're going to need to make hidden service |
|
118 |
+descriptors even less private because we're going to have to mirror them |
|
119 |
+onto many places. Ideally we'd like to separate the storage/lookup system |
|
120 |
+from the Tor directory servers entirely. The first problem is that we need |
|
121 |
+to design a new hidden service descriptor format to a) be ascii rather |
|
122 |
+than binary for convenience; b) keep the list of introduction points |
|
123 |
+encrypted unless you know the <tt>.onion</tt> address, so the directory |
|
124 |
+can't learn them; and c) allow the directories to verify the timestamp |
|
125 |
+and signature on a hidden service descriptor so they can't be tricked |
|
126 |
+into giving out fake ones. Second, any reliable distributed storage |
|
127 |
+system will do, as long as it allows authenticated updates, but as far |
|
128 |
+as we know no implemented DHT code supports authenticated updates.</li> |
|
153 | 129 |
<li>Tor exit servers need to do many DNS resolves in parallel. But |
154 | 130 |
gethostbyname() is poorly designed --- it blocks until it has finished |
155 | 131 |
resolving a query --- so it requires its own thread or process. So Tor |
... | ... |
@@ -173,34 +149,26 @@ just for buffers. We need better heuristics for when to shrink/expand |
173 | 149 |
buffers. Maybe this should be modelled after the Linux kernel buffer |
174 | 150 |
design, where you have many smaller buffers that link to each other, |
175 | 151 |
rather than monolithic buffers?</li> |
176 |
-<li>How do ulimits work on Win32, anyway? We're having problems, |
|
177 |
-especially on older Windowses with people running out of file |
|
178 |
-descriptors, connection buffer space, etc. (We should handle |
|
179 |
-WSAENOBUFS as needed, look at the MaxConnections registry entry, |
|
180 |
-look at the MaxUserPort entry, and look at the TcpTimedWaitDelay |
|
181 |
-entry. We may also want to provide a way to set them as needed. See <a |
|
182 |
-href="http://bugs.noreply.org/flyspray/index.php?do=details&id=98">bug |
|
183 |
-98</a>.)</li> |
|
184 |
-<li>Patches to Tor's autoconf scripts. First, we'd like our configure.in |
|
185 |
-to handle cross-compilation, e.g. so we can build Tor for obscure |
|
186 |
-platforms like the Linksys WRTG54. Second, we'd like the with-ssl-dir |
|
187 |
-option to disable the search for ssl's libraries.</li> |
|
188 | 152 |
<li>Implement reverse DNS requests inside Tor (already specified in |
189 | 153 |
Section 5.4 of <a href="<cvssandbox>tor/doc/tor-spec.txt">tor-spec.txt</a>).</li> |
190 | 154 |
<li>Perform a security analysis of Tor with <a |
191 | 155 |
href="http://en.wikipedia.org/wiki/Fuzz_testing">"fuzz"</a>. Determine |
192 | 156 |
if there are good fuzzing libraries out there for what we want. Win fame by |
193 | 157 |
getting credit when we put out a new release because of you!</li> |
194 |
-<li>How hard is it to patch bind or a DNS proxy to redirect requests to |
|
195 |
-Tor via our <a href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#CompatibleApplications">tor-resolve socks extension</a>? What about to convert UDP DNS |
|
196 |
-requests to TCP requests and send them through Tor?</li> |
|
158 |
+<li>How hard is it to patch bind or a |
|
159 |
+DNS proxy to redirect requests to Tor via our <a |
|
160 |
+href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#CompatibleApplications">tor-resolve |
|
161 |
+socks extension</a>? dsocks already does this on BSD. What about to |
|
162 |
+convert UDP DNS requests to TCP requests and send them through Tor?</li> |
|
197 | 163 |
<li>Tor uses TCP for transport and TLS for link |
198 | 164 |
encryption. This is nice and simple, but it means all cells |
199 | 165 |
on a link are delayed when a single packet gets dropped, and |
200 | 166 |
it means we can only reasonably support TCP streams. We have a <a |
201 | 167 |
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#TransportIPnotTCP">list |
202 |
-of reasons why we haven't shifted to UDP transport</a>, but it would be |
|
203 |
-great to see that list get shorter.</li> |
|
168 |
+of reasons why we haven't shifted to UDP transport</a>, but it would |
|
169 |
+be great to see that list get shorter. We also have a proposed <a |
|
170 |
+href="<cvssandbox>tor/doc/tor-spec-udp.txt">specification for Tor and |
|
171 |
+UDP</a> &mash; please let us know what's wrong with it.</li> |
|
204 | 172 |
<li>We're not that far from having IPv6 support for destination addresses |
205 | 173 |
(at exit nodes). If you care strongly about IPv6, that's probably the |
206 | 174 |
first place to start.</li> |
207 | 175 |