[tor-dev] Alternative Implementations of Tor

Alexander Færøy ahf at 0x90.dk
Wed Aug 17 15:01:27 UTC 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello.

Over the past year I've been hacking, on and off, on an implementation
of Tor in the Erlang programming language. The project started out after
I met Linus Nordberg at the Erlang User Conference in the summer of 2015
- -- a couple of weeks before the CCC Camp in Germany. Linus and I
discussed what it would take to get a very basic implementation of a Tor
relay up and running in Erlang.

The project has been named Talla, which is still open for change --
especially if it collides with an already established project within the
wider Tor development community. I was unable to find any name clashes
myself, but I may very well have overlooked something.

The parts of Talla that is implemented in "pure" Erlang is going to be
licensed under a two-clause BSD license. Talla also contains a "module"
which is using Tor's ed25519 ref10 implementation (Thanks to Yawning for
a great amount of help there) -- that module is licensed under the same
license as Tor itself.

I'm now at the point where things are slowly starting to take form. The
important pieces of the code have so far been kept available only to a
tiny group of close friends that I trust not to share the code until I,
and possibly other people, considers that the code is stable enough for
the wilderness of the wider internet.

There is, to my knowledge, currently only one implementation of Tor that
is actively in use on the production network, which is the C
implementation. I'm aware of a Haskell implementation made by Galois,
which to me mostly seemed like it was designed to be building blocks for
writing more specialized clients and doing research with the Tor
network. Last time I looked, the Haskell implementation's main function
was doing a DNS lookup through a circuit within the Tor network and then
quitting. I was also told there had been an implementation in Go that
have had activity on the production network, but that project was
abandoned by its maintainer.

In general I'm a bit uncertain about the "best practices" of dealing with a
third party Tor implementation, which Talla is.

I'm writing this email to receive suggestions, comments, and possibly
creative ideas about the following:

1. What is the general criteria set from the Tor project's perspective
   on when it is acceptable to make alternative Tor implementations
   available to the general public?

   I'm currently testing Talla using Chutney with a mixture of NTOR and
   pre-NTOR Tor daemons running (inspired by one of the configuration
   files in the Chutney repository, which referred to a 'tor-old'
   binary).

   My current plan is to stabilize Talla further until my gut feeling is
   that I can try to announce a single, middle, relay to the production
   Tor network. This relay will, of course, have a platform-string set
   to something easily identifiable like "Talla 0.0.1 (...)" and the
   contact-string set to a valid method of reaching out to me with, in
   its announced server descriptor. I will closely monitor that things
   are going as I expect and probably turn it off shortly after the
   test, when I have seen that my code isn't too "crashy" -- this will
   most likely be repeated a number of times until I'm satisfied with
   the results.

   Could I do more to ensure that the people caring for the network as a
   whole wont fear me pressing the start-button here?

2. I will not do any classical releases (as in packagable .tar.gz) until
   I'm past the point where my gut feelings are telling me that my code is
   reasonably stable for the production network of Tor.

   I will, in a very visible location, request that no distribution
   developers makes any packages of the code until there is a release.

   I think this is already the norm, but I guess being explicit won't
   hurt.

3. I will write, also in a visible location, a warning that the code is
   not production ready and that people should probably stick to running a
   Tor relay using the official Tor daemon and point to the installation
   instructions on torproject.org.

4. Not have any installation documentation and hope that Erlang is still
   an esoteric enough language to make people pass by without trying :-)

5. Talla will not have any references to the directory authorities that
   are currently used for the Tor production network. This means that
   anyone who is interested in running Talla will have to explicitly set
   the directory authority servers in Talla's configuration file.

   This will allow people who want to toy around with it together with
   Chutney to be easily able to do that.

Why am I asking all these questions now, when I could just wait until
Talla is ready? In two weeks there will be a smaller hacker camp in
Denmark, named BornHack, where I was planning on giving a talk on the
development of Talla, the design of the Erlang application, some of the
many refactoring periods there have been, general information about how
Tor works, and the testing of Talla. At the same time of the
presentation I want to make all of the code for Talla available for the
audience and public to see even though it at this point is not ready for
"production usage" on the public Tor network.

I hope this email will also allow us to discuss the wider concept of a
network where there exists multiple implementations and the consequences
of that. It might be there are other people hacking on a Tor
implementation in their favourite language :-)

I'm also on IRC as 'ahf' if anybody wants to talk about things regarding
Talla that is outside of the scope of this email.

Thanks you!

Cheers,
Alex.

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXtHtlAAoJEPm8L+IrCM6PNl4P/08HCGnEpLADudaul9KX4bzL
OqcygCP6AXpFUZdUqsD+hgPRgi97NYaNZas/hWimQyye3OfLw4EH29lukGiBrIZu
Fp+bT2CAsan8Nn+Vb3rH0em1PPOyXYJ/qhYrXex/CPk5kY7CIatbwau9AgwylAKs
8G3wz364EQaAwq5v4BVTieenFxtNXfnjwtlPkNhtJUgRDwrj16v2IqwN1C6nIq2p
E86Vok4ToWKwfzIshf2wESSGWHZ+K9bpZs+e1GnSkY4VgwpKE1Swp/8IhIlxa843
KO4EknByZIWqZrEORCd43nok88hW8tpbnuoMCE5HGMJzw/KTwQrSiS794cAnyhYt
6yokEUO3JdwRuJxLPzmLZc8tBniBaKuGfRbqC7XAurJkgq+UgLukgYWnlyvHlap+
RZaNpMqFQf8grMHWGd6ffxYzAcIc+935XN4D54Ua17seIpDHnKGKS04ZmKwBeCxy
myafcqSxJsNrqYEN40QrtYdgU0zv74S75uU/DHAHcOcaPyAy5yHGAqAdOeGvtpV5
6/VAQDwbOPncfIntoU8FUjKcpKJBn5csltuknwDiWKFYLfAVqVawMYO2Ef12hDul
7SuqOksSL2Yx59m/0Bu8i0QARxZBw8x8TzuQ7RJkNmDeTR17ugDOIaBKV1Se9fgS
JaHsOgLd/G0T7S4PT5vQ
=IeQJ
-----END PGP SIGNATURE-----

-- 
Alexander Færøy


More information about the tor-dev mailing list