[tor-reports] George's status report: July 2014
George Kadianakis
desnacked at riseup.net
Sat Aug 2 16:46:47 UTC 2014
# Activities of July 2014
- Continued work on guard security:
Made some progress on #12595, designing a better interface and data
structures for entry guards. That is, some system that will ensure
that entry guard order is always respected and no entry guard skips
(like #12466 and #12450) can happen. Nick suggested formalizing the
wanted interface a bit, and specifying inputs/outputs and the
various events that can happen.
Helped Roger with #12690 and #12688 which are now merged and
initiate the deployment of proposal 236. Specifically, they add a
consensus parameter that makes the number of guards configurable [0],
and also increase the bandwidth requirement for being a guard from
250KB/s to 2MB/s [1]. Roger released tor-0.2.5.6-alpha with those
patches and authorities will need to upgrade to it.
I also started a [tor-dev] thread [2] on guard discovery attacks and
possible ways of patching them. Specifically, we considered making
the middle nodes a bit more static, but the idea was quickly shot
down by Ian [3]. More research needs to happen in this area because
it's a threatening problem.
- During the Tor meeting in Paris, and with the help of Yawning and
Ximin, we sketched an initial PT roadmap. We tried to peek in the
following months and write down our short-term and medium-term
plans. You can find it in the wiki [4]. The roadmap is not entirely
done yet, and will likely be revised in the upcoming weeks.
I also sent an email to [tor-dev] [5] asking what little-t-tor PT
features we should consider in the roadmap. Got some useful feedback
from David and Kevin that needs to be considered.
- Did some obfsproxy maintenance.
I merged Philipp's remaining scramblesuit patches (#11271).
I tried to fix #12381 but that revealed a bigger problem with
pywin32 and py2exe that makes obfsproxy/FTE with proxy support
unbuildable for Windows. Georg was looking into it.
I tagged a new obfsproxy release.
- The new PT spec got merged to torspec.git [6]! Feel free to submit
patches and improvements.
- Discussed the bridge reachability problem with the OONI team. We all
agreed that bridge reachability is a very important topic where OONI
could be used, and the OONI team has been looking into it [7].
The OONI team has also scheduled weekly meetings in IRC.
The project is aiming to be a system that can evaluate whether Tor
(and specific PTs) are blocked from various jurisdictions all around
the world. Ideally, the data should be exposed to Tor devs (so that
we learn which PTs and bridge distribution methods have been
busted), to Tor users through BridgeDB (so that they are only given
bridges that will work for them) and also to the general curious
public (who is interested in whether Tor works from a specific area).
The relevant trac ticket is #12544.
# Activities for August 2014
- More work on the guard stuff.
The next pieces to proposal 236 are #12598, increasing the lifetime
period of guards (it's currently 3 months) [8], and #9321, fixing
the guard usage decline problem [9].
On #12598, we are still a bit unsure whether 9 months is the best
choice to increase guard lifetime to, as it was originally suggested
by proposal 236. We will have to see how much the security improves
by increasing the guard lifetime to fewer months (5 or 6), because
these might be better choices than 9 months. We also need to
understand how we change security by only switching to one guard,
without changing the guard lifetime period at all.
On #9321, I started working on the python script that crunches
consensus documents to output how old each guard is. This will help
us load balance traffic better, since young guards don't get much
traffic on their own. I started a [tor-dev] thread [10] to discuss
some initial findings and during August I will integrate the python
script with Tor. I will soon publish the source code of the script
in case someone is in the mood for review.
Another project that needs to happen to increase guard security
is #1258, which will make all relays also be directory servers. This
is essential so that all entry guards can eventually also become
directory guards. Matt posted a draft proposal to [tor-dev] [11]
that will need to be reviewed and eventually implemented. I will try
to help with this project.
- Revisit the rough PT roadmap with Yawning and identify missing items
that we should do. Also, read the relevant [tor-dev] thread [12] to
collect more ideas.
- Help Marc Juarez with the problems he has been facing with obfsproxy
and wfpadtools [13].
- Work on the bridge reachability problem with the OONI team. We were
also discussing a potential code sprint in Europe during Q3 2014, to
accelerate the project more.
- The Pluggable Transports-part of the website needs to be
improved. The installation instructions need to be improved too, and
they need to mention more PTs (like FTE). I need to do this, or find
someone who is interested in doing it :)
Have a good day!
[0]: https://gitweb.torproject.org/torspec.git/blob/2180422f4a1fd51ea25fa3822c830581f7a56c43:/proposals/236-single-guard-node.txt#l24
[1]: https://gitweb.torproject.org/torspec.git/blob/2180422f4a1fd51ea25fa3822c830581f7a56c43:/proposals/236-single-guard-node.txt#l145
[2]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007122.html
[3]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007123.html
[4]: https://trac.torproject.org/projects/tor/wiki/org/meetings/2014SummerDevMeeting/Roadmaps#PT
[5]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007128.html
[6]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/pt-spec.txt
[7]: https://lists.torproject.org/pipermail/ooni-talk/2014-July/000003.html
[8]: https://gitweb.torproject.org/torspec.git/blob/2180422f4a1fd51ea25fa3822c830581f7a56c43:/proposals/236-single-guard-node.txt#l69
[9]: https://gitweb.torproject.org/torspec.git/blob/2180422f4a1fd51ea25fa3822c830581f7a56c43:/proposals/236-single-guard-node.txt#l101
[10]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007269.html
[11]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007247.html
[12]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007128.html
[13]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000606.html