Loading doc/TODO +33 −43 Original line number Diff line number Diff line Loading @@ -24,10 +24,10 @@ Things we'd like to do in 0.2.0.x: o Support for preconfigured mirror lists o Use a pre-shipped fallback consensus. o Code to install a pre-defined fallback consensus . Download consensuses (et al) via if-modified-since o Download consensuses (et al) via if-modified-since o Implement backend support for sending if-modified-since o Use it for consensuses. - Use it for certificates D Use it for certificates o base Guard flag on WFU rather than on MTBF. o Change guard calculation o Change dir-spec.txt Loading Loading @@ -57,6 +57,7 @@ Things we'd like to do in 0.2.0.x: and send netinfo and be "open". o On netinfo, warn if there's skew from a server. - Learn our outgoing IP address from netinfo cells? - Earliest stages of 110 (infinite-length) in v2 protocol. - TLS only - Need to get a finished TLS normalization proposal - Revised authentication. Loading Loading @@ -108,16 +109,16 @@ Things we'd like to do in 0.2.0.x: of their first test, and then never seeing use. - Proposals: . 101: Voting on the Tor Directory System (plus 103) - Handle badly timed certificates properly. . Start caching consensus documents once authorities make them; o 101: Voting on the Tor Directory System (plus 103) o Handle badly timed certificates properly. o Start caching consensus documents once authorities make them; start downloading consensus documents once caches serve them o Code to delay next download while fetching certificates to verify a consensus we already got. o Code to retry consensus download if we got one we already have. - Use if-modified-since on consensus download - Use if-modified-since on certificate download D Use if-modified-since on consensus download o Use if-modified-since on certificate download - Controller support - GETINFO to get consensus - Event when new consensus arrives Loading 
@@ -140,7 +141,7 @@ Things we'd like to do in 0.2.0.x: o Do TLS rotation less often than "every 10 minutes" in the thrashy case. D Do TLS connection rotation more often than "once a week" in the extra-stable case. - Streamline how we pick entry nodes: Make choose_random_entry() have D Streamline how we pick entry nodes: Make choose_random_entry() have less magic and less control logic. - Refactor networkstatus generation: - Include "v" line in getinfo values. Loading Loading 
@@ -185,23 +186,22 @@ R - drop 'authority' queries if they're to our own identity key; accept - Make BEGIN_DIR mandatory for asking questions of bridge authorities? - Features (other than bridges): - Blocking-resistance. - Write a proposal; make this part of 105. - Audit how much RAM we're using for buffers and cell pools; try to trim down a lot. - Base relative control socket paths on datadir. - We should ship with a list of stable dir mirrors -- they're not o We should ship with a list of stable dir mirrors -- they're not trusted like the authorities, but they'll provide more robustness and diversity for bootstrapping clients. - Implement this as a list of routerstatus, like fake_routerstatus in X Implement this as a list of routerstatus, like fake_routerstatus in trusted_dir_derver_t? - Better estimates in the directory of whether servers have good uptime o Implemented as a fallback networkstatus consensus. o Better estimates in the directory of whether servers have good uptime (high expected time to failure) or good guard qualities (high fractional uptime). - AKA Track uptime as %-of-time-up, as well as time-since-last-down o AKA Track uptime as %-of-time-up, as well as time-since-last-down o Implement tracking - Make uptime info persist too. - Base Guard on weighted fractional uptime. o Make uptime info persist too. o Base Guard on weighted fractional uptime. - Make TrackHostExits expire TrackHostExitsExpire seconds after their *last* use, not their *first* use. - Limit to 2 dir, 2 OR, N SOCKS connections per IP. Loading Loading 
@@ -241,11 +241,15 @@ P - create a "make win32-bundle" for vidalia-privoxy-tor-torbutton bundle Nice-to-have items for 0.2.0.x, time permitting: - Low-priority bugs: - we try to build 4 test circuits to break them over different servers. but sometimes our entry node is the same for multiple test circuits. this defeats the point. Deferred from 0.2.0.x: - Proposals - 113: Simplifying directory authority administration - 110: prevent infinite-length circuits (phase one) . Robust decentralized storage for hidden service descriptors. (Karsten is working on this; proposal 114.) - 118: Listen on and advertise multiple ports: - Tor should be able to have a pool of outgoing IP addresses that it is able to rotate through. (maybe. Possible overlap with proposal 118.) Loading @@ -258,7 +262,6 @@ Nice-to-have items for 0.2.0.x, time permitting: - Most address variables need to become tor_addr_t - Teach resolving code how to handle ipv6. - Teach exit policies about ipv6 (consider ipv4/ipv6 interaction!) - Features - Let controller set router flags for authority to transmit, and for client to use. Loading 
@@ -267,35 +270,16 @@ Nice-to-have items for 0.2.0.x, time permitting: - Clients should estimate their skew as median of skew from servers over last N seconds. - More work on AvoidDiskWrites? - Features - Make a TCP DNSPort - Protocol work - MAYBE kill stalled circuits rather than stalled connections. This is possible thanks to cell queues, but we need to consider the anonymity implications. - Implement TLS shutdown properly when possible. - Low-priority bugs: - we try to build 4 test circuits to break them over different servers. but sometimes our entry node is the same for multiple test circuits. this defeats the point. - Bugs - If the client's clock is too far in the past, it will drop (or just not try to get) descriptors, so it'll never build circuits. - Refactoring: - Move all status info out of routerinfo into local_routerstatus. Make "who can change what" in local_routerstatus explicit. Make local_routerstatus (or equivalent) subsume all places to go for "what router is this?" - Build: - Detect correct version of libraries from autoconf script. - Documentation: - Review torrc.sample to make it more discursive. Deferred from 0.2.0.x: - Features - Make a TCP DNSPort - Refactoring - Make resolves no longer use edge_connection_t unless they are actually _on_ a socks connection: have edge_connection_t and (say) Loading @@ -303,6 +287,10 @@ Deferred from 0.2.0.x: n_streams both be linked lists of edge_stream_t. - Generate torrc.{complete|sample}.in, tor.1.in, the HTML manual, and the online config documentation from a single source. - Move all status info out of routerinfo into local_routerstatus. Make "who can change what" in local_routerstatus explicit. Make local_routerstatus (or equivalent) subsume all places to go for "what router is this?" - Blocking/scanning-resistance - It would be potentially helpful to https requests on the OR port by acting like an HTTPS server. Loading 
@@ -313,6 +301,8 @@ Deferred from 0.2.0.x: descriptors we have. - Some mechanism for specifying that we want to stop using a cached bridge. - Build: - Detect correct version of libraries from autoconf script. Future versions: Loading Loading
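Review bot: The new entry "Earliest stages of 110 (infinite-length) in v2 protocol." in the hunk at @@ -57,6 +57,7 is listed under "Things we'd like to do in 0.2.0.x", while the hunk at @@ -241,11 +241,15 shows "110: prevent infinite-length circuits (phase one)" following "Deferred from 0.2.0.x:". A reader cannot tell from the two entries which part of proposal 110 is in scope for this series. Suggest naming the in-scope piece in the new entry, or cross-referencing it from the deferred one.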
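Review bot: The if-modified-since status markers in the hunk at @@ -108,16 +109,16 contradict the ones set in the hunk at @@ -24,10 +24,10. The earlier hunk marks "Use it for consensuses." as o and "Use it for certificates" as D, while this hunk marks "Use if-modified-since on consensus download" as D and "Use if-modified-since on certificate download" as o. Suggest making the two sections agree on which of the two is done and which is deferred, or dropping the duplicate pair under proposal 101 so the status lives in one place.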
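Review bot: The line re-marked with X in the hunk at @@ -185,23 +186,22 still reads "trusted_dir_derver_t", which looks like a misspelling of trusted_dir_server_t. Since the line is being touched anyway, suggest fixing the identifier so that a search for the type name finds this entry. The added line "o Implemented as a fallback networkstatus consensus." explains why the routerstatus-list approach was dropped, which is helpful; it would read more clearly if it said so directly next to the X item.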
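Review bot: The hunk at @@ -267,35 +270,16 shrinks the section from 35 to 16 lines, and not every entry in it can be seen reappearing elsewhere in the patch. "Low-priority bugs" shows up in the hunk at @@ -241,11 +241,15, "Move all status info out of routerinfo into local_routerstatus" in the hunk at @@ -303,6 +287,10, and "Build:" in the hunk at @@ -313,6 +301,8, but the "Protocol work" items (stalled circuits and their anonymity implications, TLS shutdown), the "Bugs" item about a client clock too far in the past, and the "Documentation" item do not appear in any other visible hunk. Please confirm these are kept as context rather than dropped, and if any are dropped, say so in the commit message.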
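Review bot: The "Blocking/scanning-resistance" entry at the end of the hunk at @@ -303,6 +287,10 is missing a verb: "It would be potentially helpful to https requests on the OR port by acting like an HTTPS server." Since this section is being reorganised, suggest completing the sentence so the intended behaviour on the OR port is unambiguous.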