[tor-dev] Open Proposals as of June 2012
Jacob Appelbaum
jacob at appelbaum.net
Tue Jun 19 00:30:18 UTC 2012
On 06/18/2012 11:26 PM, Nick Mathewson wrote:
> This list of open Tor proposals is based on one I sent out in May of
> last year. Since I'd like to do this more regularly, I have added to
> each description the date when I wrote it. Most of the summaries from
> older proposals are unchanged since last May; the later ones in the
> list for 6/2012 I wrote pretty quickly since I want to get out the
> door tonight for an appointment, but I want to send this list out
> without further delay.
Perhaps this would make for a nice weekly cronjob? :)
>
> OPEN, DRAFT, AND ACCEPTED PROPOSALS:
>
> 117 IPv6 exits
>
> IPv6 is still the future, but now it's the kind of future
> that's unevenly distributed. It's time to do this one so that
> IPv6 traffic can be sent over Tor.
>
> It needs updating to work properly with microdescriptors; it
> also has some open questions about DNS. (6/2012)
I'm a little unclear on the issue of DNS with regard to v6. I feel like
we're having lots of DNS blocking issues. What specifically is the
issue? Is Linus hacking on this?
>
> 131 Help users to verify they are using Tor
>
> Here's a proposal for making a torcheck-like website more reliable.
> If anybody wants to pick it up (especially somebody working on
> torcheck) and see whether it should be reopened or rejected, that
> would be a fine thing. (5/2011)
>
I've been thinking about this one a lot and I think I've come to the
conclusion that it isn't a good idea. I think as we had the .exit and we
have .onion, I think we might just want to have yet another special url.
Perhaps one that returns a totally safe bit of in band data - say, a
small home page that will tell you the status of your Tor client. This
was something Robert Hogan implemented for his Tor browser-like browser
project, I think.
It seems like a bad idea to have so many people building circuits and
then loading the same website when we can do the job locally. From a UX
perspective, I think it is cleaner and from a latency perspective, I
think it would be nicer overall. I hacked up some small api on check.tpo
for Torbutton long ago, so Torbutton could hit a url over SSL and
determine that Torbutton was routed over Tor. There are half a dozen
issues with this and well, I think we're still using it...
For Tor Browser, I think we should be smarter - a static home page with
a small bit of dynamic html that queries that same very api would
probably be a better UX experience. To build that very simple api into
the SOCKS proxy itself or into some kind of IPC with Tor's control port
would be better still.
> 146 Add new flag to reflect long-term stability
>
> From time to time we get the idea of having clients ship with a
> reasonably recent consensus (or a list of directory mirrors),
> so instead of bootstrapping from one of the authorities, they
> can bootstrap from a regular directory cache. The problem here
> is that by the time the client is run, most of the directory
> mirrors will be down or will have changed their IP. This
> proposal tries to address that.
>
> It needs analysis based on behavior of actual routers on the
> network to see whether it could work, and what parameters might
> work.
>
> Nevertheless, we should really do something like this, so that
> we can ship a list of initial directory mirrors with Tor
> (possibly via the "fallback consensus" deisgn), so that new
> bootstrapping Tor clients don't all hammer the directory
> authorities. (6/2012)
I almost wonder if the guard flag is essentially the same set of
constraints? I think we should discuss this at the TorDev in Italy if
possible...
>
>
> 195 TLS certificate normalization for Tor 0.2.4.x
>
> Here's the followup to proposal 179, containing all the parts
> of proposal 179 that didn't get built, and a couple of other
> tricks besides to try to make Tor's default protocol less
> detectable. I'm pretty psychoed about the part where we let
> relays drop in any any self-signed or CA-issued certificate
> that they like. (6/2012)
psychoed? :-)
I think while not directly certificate related, the DHE and RSA key bit
size discussion is relevant here:
https://trac.torproject.org/projects/tor/ticket/6088
Thanks for sending this mail out! I wanted to reply to other parts but I
need to do a bit of homework first.
All the best,
Jake
More information about the tor-dev
mailing list