[tor-reports] George's status report: June 2014

[George Kadianakis]

# Activities of June 2014

- During June, I mainly worked on proposal 236: "The move to a single
  guard node".

  Over the course of June, I read entrynodes.c again and again to
  understand it and figure out how the various needed features can be
  implemented.

  During the process, I opened several tickets, the most important of
  which I detail here:

  #12207, which is about improving the unittest coverage of
  entrynodes.c since currently that file has only 2% coverage. I
  posted a branch with unittests for some important functions, that
  brings coverage up to 33%. I need to do some minor cleaning of the
  branch after Nick's initial review and it's ready for more review
  and merge in 0.2.6.x.

  #12466 and #12450, these are two tickets describing edge conditions
  during which Tor can skip its primary guards and instead connect to
  lower priority guards in its guard list. These are important bugs,
  and they show that the data structures and methods used by Tor to
  pick guard nodes are not robust. I also wrote a [tor-dev] post
  about #12466 that can be found at:
  https://lists.torproject.org/pipermail/tor-dev/2014-June/007042.html
  
- I also started re-writing the PT spec to clean it up, make it more
  readable and document some features that were forgotten. I posted an
  initial version in #12434, and I need to do some minor changes
  before merge it. Comments and review are most welcome :)

# Activities for July 2014

- Since I'm sending this proposal a bit late, I have already attended
  the Tor dev meeting in Paris. It was a fruitful event with good
  actors, interesting discussions and plenty of roadmapping. As
  expected, my TODO list has been lengthened.

  Here are a few of the tasks I should do:

  * Write a tor-dev post about various improvements to proposal 236
    that we came up with during the Tor dev meeting. Also, incorporate
    them in proposal 236.

  * Continue discussion with Nick Hopper on how to protect against the
    guard identification attacks using static-ish middle nodes. Still
    unclear on whether it's the right approach, but it's not terribly
    hard to implement and it doesn't look ridiculously broken.

  * During the dev meeting, me Yawning and Ximin started composing a
    PT roadmap for the next months. We should find the photographs
    from the dev meeting, revise the notes and write the roadmap down
    on the wiki.

  * It looks like we might get funding to hire a PT polishing person.
    That's someone who is familiar with the various PTs, can build and
    QA bundles, and conduct various PT-related development tasks. We
    should start thinking of the various roles and requirements such a
    person should have and compose an open call document that will be
    posted in the blog.

  * Look more into security bug bounties. Get in contact with people
    who are familiar with them, do a survey on the prices other orgs
    offer for bugs, etc. If we have such figures ready, it's more
    likely that we will find funding for this project.

  * OONI is examining the bridge reachability problem again! #12544 is
    the master ticket for this task. I should collect a nice bridge
    dataset, and work with the OONI team to get this thing moving.

  I doubt that I will do all these things during July, but I hope I
  can prioritize correctly :)

- On the obfsproxy side, I still haven't fixed ticket #12381 (PTs +
  TOR_PT_PROXY fails on Windows). Sorry for that.

  I need to read the build.log that GeKo sent me, and see what's the
  problem with the proposed patch.

  Also, I should merge the pending scramblesuit patches because it's
  rude to let dangling code on the Internet.

  Also, I should merge bananaphone in obfsproxy, because why not (it's
  only a few more bytes of source code, and even if it breaks it
  _shouldn't_ break the other transports).

- Get the revised PT spec merged in torspec.git .