| blob | 8e836e974f2623423fa4bcfe0ccbbe9342b9a5e6 |
2 Legend:
3 SPEC!! - Not specified
4 SPEC - Spec not finalized
5 NICK - nick claims
6 ARMA - arma claims
7 - Not done
8 * Top priority
9 . Partially done
10 o Done
11 D Deferred
12 X Abandoned
14 For 0.0.2pre17:
15 o Put a H(K | handshake) into the onionskin response
16 o Make cells 512 bytes
17 o Reduce streamid footprint from 7 bytes to 2 bytes
18 X Check for collisions in streamid (now possible with
19 just 2 bytes), and back up & replace with padding if so
20 o Use the 4 reserved bytes in each cell header to keep 1/5
21 of a sha1 of the ongoing relay payload (move into stream header)
22 o Move length into the stream header too
23 o Make length 2 bytes
24 D increase DH key length
25 D increase RSA key length
26 D Spec the stream_id stuff. Clarify that nobody on the backward
27 stream should look at stream_id.
29 Cell:
30 ACI (anonymous circuit identifier) [2 bytes]
31 Command [1 byte]
32 Payload (padded with 0 bytes) [509 bytes]
34 Relay payload:
35 Relay command [1 byte]
36 Stream ID [7 bytes]
37 Partial SHA-1 [4 bytes]
38 Length [2 bytes]
39 Relay payload [495 bytes]
41 For 0.0.2pre15:
42 o don't pick exit nodes which will certainly reject all things.
43 o don't pick nodes that the directory says are down
44 o choose randomly from running dirservers, not just first one
45 o install the man page
46 o warn when client-side tries an address/port which no router in the dir accepts.
48 For 0.0.2pre14:
49 o More flexible exit policies (18.*, 18.0.0.0/8)
50 o Work to succeed in the precense of exit policy violation
51 o Replace desired_path_len with opaque path-selection specifier
52 o Client-side DNS caching
53 o Add entries to client DNS cache based on END cells
54 o Remove port from END_REASON_EXITPOLICY cells
55 o Start building new circuits when we get an exit-policy
56 failure. (Defer exiting from the middle of existing
57 circuits or extending existing circuits for later.)
58 o Implement function to check whether a routerinfo_t
59 supports a given exit addr.
60 o Choose the exit node of an in-progress circuit based on
61 pending AP connections.
62 o Choose the exit node _first_, then beginning, then
63 middle nodes.
65 Short-term:
66 - improve how it behaves when i remove a line from the approved-routers files
67 - Make tls connections tls_close intentionally
68 o Rename ACI to circID
69 . integrate rep_ok functions, see what breaks
70 - update tor faq
71 o obey SocksBindAddress, ORBindAddress
72 o warn if we're running as root
73 o make connection_flush_buf() more obviously obsolete
74 o let hup reread the config file, eg so we can get new exit
75 policies without restarting
76 o Put recommended_versions in a config entry
77 X use times(2) rather than gettimeofday to measure how long it
78 takes to process a cell
79 o Separate trying to rebuild a circuit because you have none from trying
80 to rebuild a circuit because the current one is stale
81 X Continue reading from socks port even while waiting for connect.
82 o Exit policies
83 o Spec how to write the exit policies
84 o Path selection algorithms
85 o Choose path more incrementally
86 o Let user request first/last node
87 o And disallow certain nodes
88 D Choose path by jurisdiction, etc?
89 o Make relay end cells have failure status and payload attached
90 X let non-approved routers handshake.
91 - Dirserver shouldn't put you in running-routers list if you haven't
92 uploaded a descriptor recently
93 . migrate to using nickname rather than addr:port for routers
94 o decide_aci_type
95 - generate onion skins
96 - circuit_send_next_onion_skin
97 - circuit_extend
98 - onion_generate_cpath
99 - get_unique_aci_by_addr_port
100 - circ->n_addr and circ->n_port
101 - circuit_enumerate_by_naddr_nport
102 - cpath layers
103 - connection_or_connect
104 - connection_exact_get_by_addr_port
105 - connection_twin_get_by_addr_port
106 - router_get_by_addr_port
107 - connection_or_init_conn_from_router
108 - tag_pack, tag_unpack, connection_cpu_process_inbuf
109 - directory_initiate_command
110 . Move from onions to ephemeral DH
111 o incremental path building
112 o transition circuit-level sendmes to hop-level sendmes
113 o implement truncate, truncated
114 o move from 192byte DH to 128byte DH, so it isn't so damn slow
115 - exiting from not-last hop
116 - OP logic to decide to extend/truncate a path
117 - make sure exiting from the not-last hop works
118 - logic to find last *open* hop, not last hop, in cpath
119 o Remember address and port when beginning.
120 - Extend by nickname/hostname/something, not by IP.
121 - Need a relay teardown cell, separate from one-way ends.
122 - remove per-connection rate limiting
123 - Make it harder to circumvent bandwidth caps: look at number of bytes
124 sent across sockets, not number sent inside TLS stream.
125 - make 'make test' exit(1) if a test fails.
126 - fix buffer unit test so it passes
128 On-going
129 . Better comments for functions!
130 . Go through log messages, reduce confusing error messages.
131 . make the logs include more info (fd, etc)
132 . Unit tests
133 . Update the spec so it matches the code
135 Mid-term:
136 - Rotate tls-level connections -- make new ones, expire old ones.
137 So we get actual key rotation, not just symmetric key rotation
138 o Are there anonymity issues with sequential streamIDs? Sequential
139 circIDs? Eg an attacker can learn how many there have been.
140 The fix is to initialize them randomly rather than at 1.
141 - Look at having smallcells and largecells
142 . Redo scheduler
143 o fix SSL_read bug for buffered records
144 - make round-robining more fair
145 - What happens when a circuit's length is 1? What breaks?
146 . streams / circuits
147 o Implement streams
148 o Rotate circuits after N minutes?
149 X Circuits should expire when circuit->expire triggers
150 NICK . Handle half-open connections
151 o openssh is an application that uses half-open connections
152 o Figure out what causes connections to close, standardize
153 when we mark a connection vs when we tear it down
154 o Look at what ssl does to keep from mutating data streams
155 o Put CPU workers in separate processes
156 o Handle multiple cpu workers (one for each cpu, plus one)
157 o Queue for pending tasks if all workers full
158 o Support the 'process this onion' task
159 D Merge dnsworkers and cpuworkers to some extent
160 o Handle cpuworkers dying
161 . Scrubbing proxies
162 - Find an smtp proxy?
163 - Check the old smtp proxy code
164 o Find an ftp proxy? wget --passive
165 D Wait until there are packet redirectors for Linux
166 . Get socks4a support into Mozilla
167 . Develop rendezvous points
168 X Handle socks commands other than connect, eg, bind?
169 o Design
170 - Spec
171 - Implement
172 . Tests
173 o Testing harness/infrastructure
174 D System tests (how?)
175 - Performance tests, so we know when we've improved
176 . webload infrastructure (Bruce)
177 . httperf infrastructure (easy to set up)
178 . oprofile (installed in RH >8.0)
179 NICK . Daemonize and package
180 o Teach it to fork and background
181 - Red Hat spec file
182 - Debian spec file equivalent
183 . Portability
184 . Which .h files are we actually using?
185 . Port to:
186 o Linux
187 o BSD
188 . Solaris
189 o Cygwin
190 . Win32
191 o OS X
192 - deal with pollhup / reached_eof on all platforms
193 o openssl randomness
194 o inet_ntoa
195 o stdint.h
196 - Make a script to set up a local network on your machine
197 o More flexibility in node addressing
198 D Support IPv6 rather than just 4
199 o Handle multihomed servers (config variable to set IP)
201 In the distant future:
202 D Load balancing between router twins
203 D Keep track of load over links/nodes, to
204 know who's hosed
205 SPEC!! D Non-clique topologies
206 D Implement our own memory management, at least for common structs
207 (Not ever necessary?)
208 D Advanced directory servers
209 D Automated reputation management
210 SPEC!! D Figure out how to do threshold directory servers
211 D jurisdiction info in dirserver entries? other info?
213 Older (done) todo stuff:
215 o Get tor to act like a socks server
216 o socks4, socks4a
217 o socks5
218 o routers have identity key, link key, onion key.
219 o link key certs are
220 D signed by identity key
221 D not in descriptor
222 o not in config
223 D not on disk
224 o identity and onion keys are in descriptor (and disk)
225 o upon boot, if it doesn't find identity key, generate it and write it.
226 o also write a file with the identity key fingerprint in it
227 o router generates descriptor: flesh out router_get_my_descriptor()
228 o Routers sign descriptors with identity key
229 o routers put version number in descriptor
230 o routers should maybe have `uname -a` in descriptor?
231 o Give nicknames to routers
232 o in config
233 o in descriptors
234 o router posts descriptor
235 o when it boots
236 o every DirFetchPostPeriod seconds
237 D when it changes
238 o change tls stuff so certs don't get written to disk, or read from disk
239 o make directory.c 'thread'safe
240 o dirserver parses descriptor
241 o dirserver checks signature
242 D client checks signature?
243 o dirserver writes directory to file
244 o reads that file upon boot
245 o directory includes all routers, up and down
246 o add "up" line to directory, listing nicknames
247 o instruments ORs to report stats
248 o average cell fullness
249 o average bandwidth used
250 o configure log files. separate log file, separate severities.
251 o what assumptions break if we fclose(0) when we daemonize?
252 o make buffer struct elements opaque outside buffers.c
253 o add log convention to the HACKING file
254 o make 'make install' do the right thing
255 o change binary name to tor
256 o change config files so you look at commandline, else look in
257 /etc/torrc. no cascading.
258 o have an absolute datadir with fixed names for files, and fixed-name
259 keydir under that with fixed names
260 o Move (most of) the router/directory code out of main.c
261 o Simple directory servers
262 o Include key in source; sign directories
263 o Signed directory backend
264 o Document
265 o Integrate
266 o Add versions to code
267 o Have directories list recommended-versions
268 o Include line in directories
269 o Check for presence of line.
270 o Quit if running the wrong version
271 o Command-line option to override quit
272 o Add more information to directory server entries
273 o Exit policies
274 o Clearer bandwidth management
275 o Do we want to remove bandwidth from OR handshakes?
276 o What about OP handshakes?
277 X Move away from openssl
278 o Abstract out crypto calls
279 X Look at nss, others? Just include code?
280 o Use a stronger cipher
281 o aes now, by including the code ourselves
282 X On the fly compression of each stream
283 o Clean up the event loop (optimize and sanitize)
284 o Remove that awful concept of 'roles'
285 o Terminology
286 o Circuits, topics, cells stay named that
287 o 'Connection' gets divided, or renamed, or something?
288 o DNS farm
289 o Distribute queries onto the farm, get answers
290 o Preemptively grow a new worker before he's needed
291 o Prune workers when too many are idle
292 o DNS cache
293 o Clear DNS cache over time
294 D Honor DNS TTL info (how??)
295 o Have strategy when all workers are busy
296 o Keep track of which connections are in dns_wait
297 o Need to cache positives/negatives on the tor side
298 o Keep track of which queries have been asked
299 o Better error handling when
300 o An address doesn't resolve
301 o We have max workers running
302 o Consider taking the master out of the loop?
303 X Implement reply onions
304 o Total rate limiting
305 o Look at OR handshake in more detail
306 o Spec it
307 o Merge OR and OP handshakes
308 o rearrange connection_or so it doesn't suck so much to read
309 D Periodic link key rotation. Spec?
310 o wrap malloc with something that explodes when it fails
311 o Clean up the number of places that get to look at prkey