... | ... | @@ -132,15 +132,6 @@ Security Issues: |
|
|
|
|
|
## Plans
|
|
|
|
|
|
#### Priorities 2022
|
|
|
|
|
|
- Get Arti to a production level.
|
|
|
- Build the network engine for the VPN solution.
|
|
|
- Make the Tor network faster for users.
|
|
|
- Interaction between censorship resistance and Tor should become better.
|
|
|
- Support mobile applications
|
|
|
- Improve network simulation, aka Shadow.
|
|
|
|
|
|
#### General Priorities
|
|
|
|
|
|
1. security fixes for medium/high severity bugs
|
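Review bot: the "Priorities 2022" list looks like what is being dropped here (the hunk header shrinks this region from 15 lines to 6), and its item "Interaction between censorship resistance and Tor should become better." has no counterpart in the "Priorities 2023" list added in the next hunk. If that goal is finished or has moved to another team, say so in the commit message or keep a short archived note; otherwise carry it over. Separately, the section jumps from "## Plans" straight to a "####" heading, so a "###" level would keep the outline consistent.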
... | ... | @@ -178,6 +169,94 @@ Security Issues: |
|
|
* Code base movements (archive?): torflow, pytorctl, leekspin (+ dependencies), rpm-packaging
|
|
|
* DirAuth and sbws to network health, TorDNSEL to metrics
|
|
|
|
|
|
|
|
|
#### Priorities 2023
|
|
|
|
|
|
- Get Arti to a place where we can start deprecating C-tor.
|
|
|
- Catch arti up on recent/new C tor work:
|
|
|
- conflux
|
|
|
- flow control, congestion control
|
|
|
- UDP
|
|
|
- prop340 (fragmented/packed cells)
|
|
|
- circuit padding machines
|
|
|
- ntor3 negotiation
|
|
|
- Build the network engine for the VPN solution.
|
|
|
- Make the Tor network faster for users.
|
|
|
- Support mobile applications
|
|
|
- Improve network simulation, aka Shadow.
|
|
|
- Implement defenses and mitigations agains DoS attacks
|
|
|
- Improve Onion Services support
|
|
|
|
|
|
#### By Sponsored project
|
|
|
|
|
|
####### Sponsor 61 - ending in March 31st
|
|
|
|
|
|
- Allocations: mike, ahf, dgoulet
|
|
|
- Commitments: finish the project and track indicators.
|
|
|
- conflux
|
|
|
|
|
|
####### [Sponsor 101](https://gitlab.torproject.org/groups/tpo/-/milestones/32#tab-issues) - ends in September 30th
|
|
|
|
|
|
- Allocations: ahf, eta, mike, dgoulet, nick
|
|
|
- UDP support will require mike and dgoulet
|
|
|
- Some prop340 design will require nick
|
|
|
- Commitments:
|
|
|
- UDP support
|
|
|
- Will require prop340/fragmented cells
|
|
|
- UDP client in arti -- probably needed, yeah?
|
|
|
- Objective 3 : Implement needed tor sides for the vpn
|
|
|
- O3.1: Address challenges in the Tor client’s consumption of resources.
|
|
|
- O3.2: Enhance Tor to act as a VPN service, rather than an opt-in proxy as it does today.
|
|
|
- O3.3: Make the Tor client library smaller to minimize impact on bandwidth for downloads and upgrades.
|
|
|
- O3.4: Ensure Tor VPN client works well on popular Android apps, and develop optimizations, bug fixes, and improvements where needed.
|
|
|
|
|
|
####### [Sponsor 112](https://gitlab.torproject.org/groups/tpo/-/milestones/44) - starting in April 1st
|
|
|
|
|
|
- Allocations: mike, dgoulet, ahf
|
|
|
- Nickm for some design on crypto, dos?
|
|
|
- Arti implementation for circuit padding machines, needs arti people
|
|
|
- Commitments:
|
|
|
- Objective 3: Make the Tor network more able to resist relay attacks. The goal with this Objective is simple: make it harder for people who want to run malicious relays to succeed in their goals of conducting a variety of attacks. Our approach involves implementing specific fixes to the Tor protocol to resist relay, traffic analysis, cryptographic tagging, and traffic manipulation attacks.
|
|
|
- Improved relay cryptography (Counter Galois Onion?)
|
|
|
- O3.1: Audit the Tor protocol for dropped cell and other relay side channel attacks, and fix them in Rust for Arti. (arti#724)
|
|
|
- O3.2: Implement tagging resistant ciphers to reduce the ability of relays to perform route manipulation attacks. (CGO above, prop#308)
|
|
|
- O3.3: Implement DoS defenses to reduce overall DoS overload risk to directory authorities and the network.
|
|
|
- O3.4: Implement mechanisms to support TrafficSliver and Interspace traffic analysis defenses in Arti, the Rust re-write of Tor code.
|
|
|
- O3.5: Implement formal mechanisms for detecting relays lying about their bandwidth capacity.
|
|
|
|
|
|
####### Sponsor 119 - whole year
|
|
|
|
|
|
- Allocations: nick, eta, ian, ahf, jim, technical writer
|
|
|
- (also mike for the guard-discovery-related portion?)
|
|
|
- Commitments:
|
|
|
- Onion service and client support
|
|
|
- Some kind of vanguard support
|
|
|
- Feature parity with C client
|
|
|
- Reasonably supported FFI
|
|
|
- Improved arti documentation
|
|
|
- Research on guard discovery resistence (at the end of 2023)
|
|
|
|
|
|
####### Sponsor 67 - ends Sep 30
|
|
|
|
|
|
- Allocations: jnewsome
|
|
|
- Commitments:
|
|
|
- Rust migration
|
|
|
- Fork+exec (shell scripts; pluggable transports)
|
|
|
- tcp/ip tuning
|
|
|
- udp? probably not so used as of today
|
|
|
- Perf clients+servers that run QUIC/HTTP3 instead of HTTP might be a good start here
|
|
|
|
|
|
####### "Onion Services Support" - whole year
|
|
|
|
|
|
- Allocations:
|
|
|
- 2 new engineers for 2 years focus on onion services support
|
|
|
- rhatto
|
|
|
- dgoulet, ahf
|
|
|
- Commitments:
|
|
|
- Tags: "Onion Services" + ("Performance", "Performance Impact", "DoS")
|
|
|
- No working plan yet.
|
|
|
- Working in C and Arti.
|
|
|
|
|
|
#### Roadmaps
|
|
|
|
|
|
* [Lived work-board of what is happening right now at the team](https://gitlab.torproject.org/groups/tpo/core/-/boards).
|
... | ... | |
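Review bot: the sponsor headings under "#### By Sponsored project" use seven hashes ("####### Sponsor 61 - ending in March 31st" and the five that follow), but Markdown headings stop at six levels, so these will render as literal text rather than headings; "#####" would nest them correctly under the "####" parent. Two spelling slips in the added bullets are worth fixing before merge: "agains DoS attacks" should be "against", and "guard discovery resistence" should be "resistance". Several commitments are still phrased as open questions ("UDP client in arti -- probably needed, yeah?", "Nickm for some design on crypto, dos?", "udp? probably not so used as of today"); resolve them or mark them as open items so readers can tell commitments from discussion. The Sponsor 119 allocation also lists "nick" while Sponsor 112 uses "Nickm"; pick one handle.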