4 SPEC - Spec not finalized
18 - deal with pollhup / reached_eof on all platforms
23 - docs for building in win
28 - overview of tor. how does it work, what's it do, pros and
29 cons of using it, why should I use it, etc.
30 - a howto tutorial with examples
31 - tutorial: how to set up your own tor network
32 - (need to not hardcode dirservers file in config.c)
33 . correct, update, polish spec
34 - document the exposed function api?
35 - document what we mean by socks.
39 - find a long-term rpm maintainer
42 - better warn/info messages
43 - let tor do resolves.
44 - extend socks4 to do resolves?
45 - make script to ask tor for resolves
47 - gather patches, submit to maintainer
48 - intercept gethostbyname and others, do resolve via tor
49 - redesign and thorough code revamp, with particular eye toward:
50 - support half-open tcp connections
52 - other transports -- http, airhook
53 - modular introduction mechanism
54 - allow non-clique topology
56 Other details and small and hard things:
57 - rend_services_introduce should check if it's failed a lot
58 recently, and not try for a while if so
59 - check tor version as soon as you get the recommended-versions
60 string, regardless of whether parsing the directory succeeded.
61 - tor should be able to have a pool of outgoing IP addresses
62 that it is able to rotate through. (maybe)
64 - buffer size pool, to let a few buffers grow huge or many buffers
66 - hidserv offerers shouldn't need to define a SocksPort
67 - when the client fails to pick an intro point for a hidserv,
68 it should refetch the hidserv desc.
69 . should maybe make clients exit(1) when bad things happen?
71 - should retry exitpolicy end streams even if the end cell didn't
72 resolve the address for you
73 - Add '[...truncated]' or similar to truncated log entries (like the directory
74 in connection_dir_process_inbuf()).
75 . Make logs handle it better when writing to them fails.
76 - Dirserver shouldn't put you in running-routers list if you haven't
77 uploaded a descriptor recently
78 . Refactor: add own routerinfo to routerlist. Right now, only
79 router_get_by_nickname knows about 'this router', as a hack to
80 get circuit_launch_new to do the right thing.
83 . Get socks4a support into Mozilla
84 - Extend by nickname/hostname/something, not by IP.
85 - Need a relay teardown cell, separate from one-way ends.
86 - Make it harder to circumvent bandwidth caps: look at number of bytes
87 sent across sockets, not number sent inside TLS stream.
88 - fix router_get_by_* functions so they can get ourselves too,
89 and audit everything to make sure rend and intro points are
90 just as likely to be us as not.
94 ***************************Future tasks:****************************
96 Rendezvous and hidden services:
98 - preemptively build and start rendezvous circs.
99 - preemptively build n-1 hops of intro circs?
100 - cannibalize general circs?
102 - standby/hotswap/redundant services.
103 - store stuff to disk? dirservers forget service descriptors when
104 they restart; nodes offering hidden services forget their chosen
105 intro points when they restart.
107 - auth mechanisms to let midpoint and bob selectively choose
110 - right now the hidserv store/lookup system is run by the dirservers;
114 Relax clique assumptions.
115 Redesign how directories are handled.
116 - Separate running-routers lookup from descriptor list lookup.
117 - Resolve directory agreement somehow.
118 - Cache directory on all servers.
119 Find and remove bottlenecks
120 - Address linear searches on e.g. circuit and connection lists.
121 Reputation/memory system, so dirservers can measure people,
122 and so other people can verify their measurements.
123 - Need to measure via relay, so it's not distinguishable.
124 Bandwidth-aware path selection. So people with T3's are picked
125 more often than people with DSL.
126 Reliability-aware node selection. So people who are stable are
127 preferred for long-term circuits such as intro and rend circs,
128 and general circs for irc, aim, ssh, etc.
129 Let dissidents get to Tor servers via Tor users. ("Backbone model")
131 Anonymity improvements:
132 Is abandonding the circuit the only option when an extend fails, or
133 can we do something without impacting anonymity too much?
134 Is exiting from the middle of the circuit always a bad idea?
135 Helper nodes. Decide how to use them to improve safety.
136 DNS resolution: need to make tor support resolve requests. Need to write
137 a script and an interface (including an extension to the socks
138 protocol) so we can ask it to do resolve requests. Need to patch
139 tsocks to intercept gethostbyname, else we'll continue leaking it.
140 Improve path selection algorithms based on routing-zones paper. Be sure
141 to start and end circuits in different ASs. Ideally, consider AS of
142 source and destination -- maybe even enter and exit via nearby AS.
143 Intermediate model, with some delays and mixing.
144 Add defensive dropping regime?
146 Make it more correct:
147 Handle half-open connections: right now we don't support all TCP
148 streams, at least according to the protocol. But we handle all that
149 we've seen in the wild.
152 Efficiency/speed/robustness:
153 Congestion control. Is our current design sufficient once we have heavy
154 use? Need to measure and tweak, or maybe overhaul.
155 Allow small cells and large cells on the same network?
156 Cell buffering and resending. This will allow us to handle broken
157 circuits as long as the endpoints don't break, plus will allow
158 connection (tls session key) rotation.
159 Implement Morphmix, so we can compare its behavior, complexity, etc.
160 Use cpuworker for more heavy lifting.
161 - Signing (and verifying) hidserv descriptors
162 - Signing (and verifying) intro/rend requests
163 - Signing (and verifying) router descriptors
164 - Signing (and verifying) directories
165 - Doing TLS handshake (this is very hard to separate out, though)
166 Buffer size pool: allocate a maximum size for all buffers, not
167 a maximum size for each buffer. So we don't have to give up as
168 quickly (and kill the thickpipe!) when there's congestion.
169 Exit node caching: tie into squid or other caching web proxy.
170 Other transport. HTTP, udp, rdp, airhook, etc. May have to do our own
171 link crypto, unless we can bully openssl into it.
174 Do all the scalability stuff above, first.
175 Incentives to relay. Not so hard.
176 Incentives to allow exit. Possibly quite hard.
177 Sybil defenses without having a human bottleneck.
178 How to gather random sample of nodes.
179 How to handle nodelist recommendations.
180 Consider incremental switches: a p2p tor with only 50 users has
181 different anonymity properties than one with 10k users, and should
182 be treated differently.