tor-dev July 2012

tor-dev@lists.torproject.org

54 participants
68 discussions

Damian's Status Report - June 2012
by Damian Johnson 03 Jul '12

03 Jul '12

Hi all. This June I exchanged my developer hat to be a mentor instead, spending more time reviewing code than writing it myself. Fingers crossed that at least one or two of them stick around after the summer ends! As such, this status report is more about other people than me. Apologies if I miss anything. * Ravi (GSoC Student) This month Ravi discovered a bug with Tor's GETCONF method [1] and wrote numerous features including SAFECOOKIE support [2] and a GETCONF method for the controller [3]. The GETCONF handling is complicated by the accursed HiddenServiceOptions so it has needed several iterations, but I plan to merge it this week. After that Ravi already has two more feature branches lined up for me to review (*sob*)... * Beck (Volunteer) Somehow I've never been able to bring myself to do development on Windows (if you haven't seen Neal Stephenson's Hole Hawg article then I recommend it [4]). Fortunately Beck does, and has done a fantastic job of fixing stem and its tests to work there [5][6]. He also added get_version(), authenticate(), and protocolinfo() methods to the controller. * Erik and Megan (Wesleyan Students) Erik and Megan have been focusing on stem's tests, first submitting a couple fixes for the mocking module [7][8] then writing unit and integration tests for the proc utilities [9]. Next they plan to implement the CSV export functionality suggested by naif [10]. * Sathyanarayanan (Volunteer) Though work has kept him pretty occupied, Sathyanarayanan has been working on an ExitPolicy class [11] and is presently at the dev meeting making plans to implement a python based Onionoo. * Karsten Though he isn't hacking on stem itself, Karsten has been helping by reviewing its descriptor handling and suggesting improvements [12][13]. Besides those, I implemented a few stem improvements too this month... * Sphinx Documentation At the start of June I rewrote stem's documentation into reStructuredText so it could be compiled by Sphinx. The results are very pretty... http://www.atagar.com/transfer/tmp/stem_html_12_06_05/ * Python 2.5 Compatibility Stem aims to support python versions 2.5 and above (in the 2.x series). However, most of our development has been on 2.7, letting backward incompatible changes slip in inadvertently. This ended up being a two week bug fixing odyssey, but now that it's done stem and its tests should now work if users want an interpretor that harks back to 2006... * Test Freezing Issue on Mac OSX Both Sathyanarayanan and Karsten reported that stem's integ tests freeze on Mac OSX. After a dozen hours of hair pulling I've narrowed it down to an issue where control sockets are left in a CLOSE_WAIT state when closed, and eventually we lose the ability to make new control sockets... https://trac.torproject.org/6235 >From what I can tell this is either an issue with Tor, Python, or Mac OSX (my money's on the last). Help welcome if anyone has ideas. Other random things from this month include going to the Fremont Fair, attending a SEAPIG meeting (local python developer group) and making travel arrangements to attend Defcon later in July. Cheers! -Damian [1] https://trac.torproject.org/6172 [2] https://trac.torproject.org/5262 [3] https://trac.torproject.org/6114 [4] http://www.team.net/mjb/hawg.html [5] https://trac.torproject.org/5493 [6] https://trac.torproject.org/6205 [7] https://gitweb.torproject.org/stem.git/commitdiff/66376f5 [8] https://gitweb.torproject.org/stem.git/commitdiff/385b05b [9] https://trac.torproject.org/6082 [10] https://trac.torproject.org/6171 [11] https://trac.torproject.org/5454 [12] https://lists.torproject.org/pipermail/tor-dev/2012-June/003608.html [13] https://trac.torproject.org/6257

1 0

Re: [tor-dev] Stem Descriptor Parsers
by Ravi Chandra Padmala 03 Jul '12

03 Jul '12

On Mon, Jul 2, 2012 at 9:24 PM, Megan Chang <mchang01(a)wesleyan.edu> wrote: > Which descriptor parsers are you referring to, as some are already > implemented? A lot of what we're working on in Tor Export overlaps your work > regarding descriptor parsers. According to my proposal, I was to implement the parsers for V3 network status documents and microdescriptor documents for the mid term evaluation. > Do you mind if we take on the minor task of working on descriptor parsers? Fine by me. What descriptors would you be working on? > Also, just for our reference, when is your mid-term evaluation? July 9 - Mentors and students can begin submitting mid-term evaluations. July 13 - Mid-term evaluations deadline -- neena

2 1

[GSoC] Vidalia - Week 6
by Feroze Naina 02 Jul '12

02 Jul '12

I have created the Hidden Service plugin. Currently, the plugin loads the list of hidden services from the torrc file and displays it in a custom widget consisting of line-edits and spinbox inside a groupbox. This is then displayed in a vertical layout in the container widget's scroll-area. The values of HiddenServiceDir and HiddenServicePort are displayed in line-edits. If the Hidden Service had been activated previously, the hostname string is fetched from the file and displayed inside the plugin. The user can remove a service by selecting the corresponding checkbox and clicking the "-" button. The user can also edit a service by changing the values in line-edit and clicking the Apply button. This would change the values in the torrc file. I'm behind schedule by a few days. By this week, I will implement adding new hidden services to the plugin. The UI needs more work. I had originally alloted Week 7 for code cleanup. I have linked to a screenshot of the existing UI below. The "-" button is grayed out until a checkbox is selected. The Apply button is enabled only if any text has been edited. The stray TextLabel will be removed. I'm just using it for testing. [1] http://i.imgur.com/SG6ea.png [2] https://github.com/feroze/vidalia-plugins/tree/hiddenservice [3] http://feroze.in/gsoc12.html

1 0

[GSoC] Pluggable Transports in Python Status Update
by Brandon Wiley 02 Jul '12

02 Jul '12

Status Update - Refactoring There was a slight change in the schedule in that I moved refactoring up in front of testing and debugging. The major refactoring effort was in splitting the project into two parts. The library for implementing the pluggable transport specification, with environment variable parsing and printing of pluggable transport protocol lines to stdout is now all that is included in pyptlib. The framework and obfsproxy command line program replacement have been split off into py-obfsproxy. A high-level API has also been added to pyptlib which requires less knowledge of the spec. It automatically parses environment variables and generates protocol lines. The transport implementation just needs to get the list of supported transports and then report success or failure for the launch of each transport as well as the end of the transport launching phase. Examples have been included in pyptlib for how to use the high-level library and py-obfsproxy has been ported to the high-level library as well. All of the code has also been reformatted according to PEP 8 guidelines. Private methods have also been renamed to use the __foo syntax as specified in the python style guidelines. This week the focus is going to be on testing the framework and obfsproxy command line replacement to get the dummy protocol working. One everything is working the focus will shift to documenting the now hopefully stable pyptlib API. pyptlib: http://github.com/blanu/pyptlib py-obfsproxy: http://github.com/blanu/py-obfsproxy More posts on the blog: http://stepthreeprivacy.org/

1 0

[GSoC] Stem Controller Class
by Ravi Chandra Padmala 02 Jul '12

02 Jul '12

Hello. The configuration related control methods get closer to merging each day. I've been working on the control methods for the other control commands. I will begin working on the event handling methods later this week. I also found & fixed(?) a tiny bug in the tests[1]. The deliverables for my mid term evaluation are: * Implementation of a fully documented General controller class with sufficient test coverage. * Implementation of parsers for parsing network status documents and microdescriptor documents with significant test coverage. * Integrate the Safe Cookie authentication client into Stem. (Close #5262). Safe cookie authentication support has been merged into master. I am fairly certain I will be done coding (most, if not all of) the general controller class before the mid-term evaluation, but, it's unlikely that it will be merged into stem/master that soon. It's highly unlikely that I'll be able to work on the descriptor parsers before the mid-term evaluation. I do have a large amount of buffer time at the end of the program which should be more than enough to implement them, even after taking Hofstadter's law into account :/ 1. https://trac.torproject.org/projects/tor/ticket/6248 -- neena

1 0

[GSoC] Stegotorus status update
by vmon 02 Jul '12

02 Jul '12

Hey Tor-devers, I hope you are enjoying the summer as it's officially started and nobody can deny that (unless you are on the wrong hemisphere). And sorry for the delay, I was Internet deprived for a while. So I'm here to tell you what I did in last two weeks. Following the advice of Zack, I read the code in steg directory, where the modules which embed the requested data in http payloads live. It also deals with http details. I also looked into the randomness algorithms in stegotorus. I suggested some ideas on improving the code and I'm waiting for Zack to tell me what he thinks about them. It was a good investment as now I have a good idea that what is happening where in the code and it makes the task of applying after-forking obfproxy patches to stegotorus more feasible. I had a discussion in irc with the Roger and following the discussion and sharing my idea with Zack, I started developing a payload serving system that instead of using a static trace file assumes that apache is installed on the system and query apache for the payload. So far I have written the prototype of the class and have shared my design with Zack. I also looked into the problem that Polipo (as a typical http proxy) had with Stegotorus that it does not allow any Stegotorus traffic through. It turned out that Polipo thinks all Stegotorus GET request are stored in the local hard drive (as they don't have server name and they starts with /). Hence, it tries to serve them directly from the disk and fails. So I shared that with Zack as well, and we'll discuss the possible solutions. Although, the new apache payload system won't have that problem. Hopefully in two weeks we will have the apache payload in semi-functional condition. Cheers, vmon

1 0

Tor proposals implemented in Tor 0.2.3.x
by Nick Mathewson 01 Jul '12

01 Jul '12

Hi, all! Since 0.2.3 just entered beta (and will be in release-candidate status soon if I have anything to say about it!) I wanted to put out a summary of the Tor proposals that got merged, to the best of my knowledge, in the Tor 0.2.3.x series. My next email will summarize still-open proposals. (Note on credits: I'm copying the listed credits from the proposals, their acknowledgments sections, and my incredibly lossy memory. But in every case, these designs were improved enormously through feedback from the entire Tor community, including some design stalwarts who take the time to give feedback on all nearly all the proposals they see. Thanks to everyone, and apologies to everybody whom I'm forgetting here.) IMPLEMENTED IN 0.2.3.x 110 Avoiding infinite length circuits We started this one a while ago back in 0.2.1.3-alpha. It provides a mechanism to try to limit the resource-multiplier that a DOS attacker can get against the Tor network by building very long circuits, by limiting the maximum circuit length. We had clients implement the new behavior in 0.2.1.3-alpha, and fixed some bugs related to it in the 0.2.2.x series. It's only now that all of the older versions that don't support it are obsolete that we can actually turn on the attack prevention. (Proposal by Roger Dingledine based on ideas by Christian Grothoff.) 158 Clients download consensus + microdescriptors 162 Publish the consensus in multiple flavors In the "Microdescriptors" design, clients download a summary of router descriptors rather than the entire set of signed router descriptors. This can save a large amount of directory bandwidth -- both because microdescriptors are smaller than router descriptors, and because they're designed to change much less frequently. Rather than being signed by the routers themselves, microdescriptors are listed by their digests in a consensus document signed by a threshold of directory authorities. (This change doesn't change the threat model, since a successful attack against either system requires adversary who can subvert a majority of directory authorities.) We anticipate that we might want to serve the consensus in more than one format in the future, so proposal 162 introduces a notion of "consensus flavors" such that any every consensus vote produces a signed consensus in all the formats, caches cache all the formats, and clients download only those they need. (Proposal 158 by Roger Dingledine, revised a bunch by Nick Mathewson. Proposal 162 by Nick Mathewson, influenced by design discussions with Marian on IRC.) 180 Pluggable transports for circumvention We introduce "Pluggable transports": a specified way for Tor bridges and Tor bridge users to configure external programs to obfuscate or re-route traffic to avoid censorship. This is a pretty big deal: it's what lets Tor integrate will with Obfsproxy and similar tools. As we've hoped, having a specified way to integrate with Tor has encouraged others to work on obfuscation tools. Having it ready to go has helped us deal with unexpected censorship events over the past year, and we think that having a couple of other obfuscators up our sleeve will help more in the future. (Proposal by Jacob Appelbaum and Nick Mathewson, with heavy revisions based on George Kadianakis's experience implementing it.) 171 Separate streams across circuits by connection metadata Here's a big security improvement. In earlier versions of Tor, there wasn't a good way to force streams onto separate circuits. This could make for trouble, since all streams sent over the same circuit are definitively linkable by the exit node, and probabilistically linkable by the destinations. (For example, if you make a connection to an SSH host and log into a website over the same circuit, the exit node can learn that the same person has accounts both at the SSH host and the website. If the SSH host and website are colluding, then over time, they can become certain which account on the SSH host corresponds with which activities on the website.) Starting with Tor 0.2.3, we provide a number of ways for users and integrators to tell Tor not to put the two streams on the same circuit. By default, two streams won't go on the same circuit if they arrive at different Tor client ports (one goes to SOCKSPort 9050 and one goes to SOCKSPort 9051); or if they come from different client addresses (one came from 127.0.0.1, the other from 10.0.10.10); or if they provide different username/password information in their SOCKS handshakes. Additionally, you can configure Tor to isolate connections by destination address, destination port, and chosen client protocol. See the manual page for SOCKSPort for more information. (Proposal by Robert Hogan, Jacob Appelbaum, Damon McCoy, and Nick Mathewson, based on ideas from a whole bunch of people.) 174 Optimistic Data for Tor: Server Side 181 Optimistic Data for Tor: Client Side This one is a performance hack that hasn't seen its full impact yet. Starting with Tor 0.2.3.x, clients MAY send data to the exit node before finding out whether the exit has been able to successfully connect to the destination server. Previously, it took an extra round trip for clients to wait to see whether the exit said "Yes, I'm connected" before they were allowed to send data for the exit. This should make connection startup faster in many protocols where the client speaks first (http, https), as more and more client programs gain support for it. (Proposal by Ian Goldberg.) 176 Proposed version-3 link handshake for Tor 184 Miscellaneous changes for a v3 Tor link protocol 187 Reserve a cell type to allow client authorization Here's the crypto-heavy one for 0.2.3. In earlier Tors, we used two different link protocol variants to get the TLS authentication we wanted without being too fingerprintable. In Tor before 0.2.0, we used a "v1" link protocol, where both sides swapped pretty stereotyped certificate chains in the initial handshake, and were as fingerprintable as all get-out. From 0.2.0 through 0.2.2, we've been using a "v2" link protocol, where the connection initiator launched a renegotiation immediately upon making a successful connection. But as anybody who's used TLS renegotiations knows, they are a pain to work with. Moreover, their presence on the wire is visible, and provides another fingerprint for Tor connections. With the new "v3" link protocol, clients perform an initial TLS handshake, and then use that handshake to bootstrap the trust and authentication they wanted in a less fragile, less fingerprintable manner. Proposal 184 made variable-length cells more pratical, and added a variable-length padding type. Since proposal 176 introduced a requirement that no extraneous cells be sent during the handshake, proposal 187 reserves an extra cell type for future use in pre-handshake authentication. (Proposal 176 by Nick Mathewson, based on an earlier idea by Steven Murdoch, with feedback from Gladys Shufflebottom. Proposal 184 by Nick Mathewson. Proposal 187 by Nick Mathewson based on/influenced by discussions with George Kadianakis and Robert Ransom.) 178 Require majority of authorities to vote for consensus parameters This one makes us more robust against a rogue directory authority. Previously, a misbehaving authority could set an integer parameter unilaterally, so long as it was the first to hear of that parameter, or the only one to have an opinion. With this proposal implemented, a larger number of authorities must want to vote on a consensus parameter for any vote on that parameter to take place. (Proposal by Sebastian Hahn.) 179 TLS certificate and parameter normalization This proposal made a bunch of small but important tweaks to try to emit more normal-looking TLS certificates, to help prevent certificate-based fingerprinting. It didn't all get implemented and stable in time for 0.2.3.x; the remainder is now proposal 195. (Proposal by Jacob Appelbaum and Gladys Shufflebottom.) 183 Refill Intervals Tor uses a token-bucket implementation for its rate- limiting strategy. Previously, Tor refilled these token buckets once per second. But this approach seems to have led to choppy behavior, where we exhaust our bandwidth early in the second, and spend the rest of the second sitting around. The new default is 100 msec, but now it's configurable. (Proposal by Florian Tschorsch and Bjorn Scheuermann.) PARTIALLY IMPLEMENTED IN 0.2.3.x 186 Multiple addresses for one OR or bridge We've implemented this to the extent of letting a bridge have a single IPv6 address. Supporting this for regular relays will need to wait for 0.2.4.x. We're still deciding on whether it's worthwhile to allow more than one IPv4 and one IPv6 address. (Proposal by Nick Mathewson, revised based on extensive feeback by Roger Dingledine and Linus Nordberg.) 198 Restore semantics of TLS ClientHello In an attempt to impersonate Firefox clients under the eyes of watchful censors, earlier versions of Tor would sometimes claim to support TLS ciphersuites that they didn't. This would cause trouble if we ever wanted to negotiate a cipher other than those which we happen to know that all Tor clients support, since we can't count on the TLS ClientHello actually telling which ciphers are supported. This proposal provides us with a backward compatible way to migrate ciphersuite lists, emulate new browser fingerprints, and actually use ciphersuites that didn't exist in 2005. The client side of this proposal is implemented in 0.2.3; the server side will have to wait for 0.2.4. (Proposal by Nick Mathewson.)

5 8

Open Proposals as of June 2012
by Nick Mathewson 01 Jul '12

01 Jul '12

This list of open Tor proposals is based on one I sent out in May of last year. Since I'd like to do this more regularly, I have added to each description the date when I wrote it. Most of the summaries from older proposals are unchanged since last May; the later ones in the list for 6/2012 I wrote pretty quickly since I want to get out the door tonight for an appointment, but I want to send this list out without further delay. OPEN, DRAFT, AND ACCEPTED PROPOSALS: 117 IPv6 exits IPv6 is still the future, but now it's the kind of future that's unevenly distributed. It's time to do this one so that IPv6 traffic can be sent over Tor. It needs updating to work properly with microdescriptors; it also has some open questions about DNS. (6/2012) 127 Relaying dirport requests to Tor download site / website The idea here was to make it easier to fetch and learn about Tor by making it easy for relays to automatically act as proxies to the Tor website. It needs more discussion, and there are some significant details to work out. It's not at all clear whether this is actually a good idea or not. (5/2011) 131 Help users to verify they are using Tor Here's a proposal for making a torcheck-like website more reliable. If anybody wants to pick it up (especially somebody working on torcheck) and see whether it should be reopened or rejected, that would be a fine thing. (5/2011) 132 A Tor Web Service For Verifying Correct Browser Configuration This proposal was meant to give users a way to see if their browser and privoxy (yes, it was a while ago) are correctly configured by running a local webserver on 127.0.0.1. I'm not sure the status here. (5/2011) 133 Incorporate Unreachable ORs into the Tor Network This proposal had an idea for letting ORs that can only make outgoing connections still relay data usefully in the network. It's something we should keep in mind, and it's a pretty neat idea, but it radically changes the network topology. Anybody who wants to analyze new network topologies should definitely have a look. (5/2011) 140 Provide diffs between consensuses This proposal describes a way to transmit less directory traffic by sending only differences between consensuses, rather than the consensuses themselves. It is mainly languishing for lack of an appropriately licensed, well-written, very small, pure-C implementation of the "diff" and "patch" algorithms. (The good diffs seem to be GPL (which we can't use without changing Tor's license), or spaghetti code, or not easily usable as a library, or not written in C, or very large, or some combination of those.) (5/2011) 141 Download server descriptors on demand The idea of this proposal was for clients to only download the consensus, and later ask nodes for their own server descriptors while building the circuit through them. It would make each circuit more time-consuming to build, but make bootstrapping much cheaper. Microdescriptors obsolete a lot of this proposal, and present some difficulties in using in a way compatible with it. (6/2012) 143 Improvements of Distributed Storage for Tor Hidden Service Descriptors Here's a proposal from Karsten about making the hidden service DHT more reliable and secure to use. It could use more discussion and analysis. (5/2011) 144 Increase the diversity of circuits by detecting nodes belonging the same provider This is a version of the good idea, "Let's do routing in a way that tries to keep from routing traffic through the same provider too much!" There are complex issues here that the proposal doesn't completely address, but I think it might be a fine idea for somebody to see how much more we know now than we did in 2008, particularly in light of the relevant paper(s) by Matt Edmann and Paul Syverson. (5/2011) 145 Separate "suitable as a guard" from "suitable as a new guard" Currently, the Guard flag means both "You can use this node as a guard if you need to pick a new guard" and "If this node is currently your guard, you can keep using it as a guard." This proposal tries to separate these two concepts, so that clients can stop picking a router once it is full of existing clients using it as a guard, but the clients currently on it won't all drop it. It's not clear whether this has anonymity issues, and it's not clear whether the imagined performance gains are actually worthwhile. (5/2011) 146 Add new flag to reflect long-term stability From time to time we get the idea of having clients ship with a reasonably recent consensus (or a list of directory mirrors), so instead of bootstrapping from one of the authorities, they can bootstrap from a regular directory cache. The problem here is that by the time the client is run, most of the directory mirrors will be down or will have changed their IP. This proposal tries to address that. It needs analysis based on behavior of actual routers on the network to see whether it could work, and what parameters might work. Nevertheless, we should really do something like this, so that we can ship a list of initial directory mirrors with Tor (possibly via the "fallback consensus" deisgn), so that new bootstrapping Tor clients don't all hammer the directory authorities. (6/2012) 147 Eliminate the need for v2 directories in generating v3 directories This proposal explains a way that we can phase out the vestigial use of v2 directory documents in keeping authorities well-informed enough to generating the v3 consensus. It's still correct; somebody should implement it before the v2 directory code rots any further. (5/2011) 156 Tracking blocked ports on the client side This proposal provides a way for clients to learn which ports they are (and aren't) able to connect to, and connect to the ones that work. It comes with a patch, too. It also lets routers track ports that _they_ can't connect to. I'm a little unconvinced that this will help a great deal: most clients that have some ports blocked will need bridges, not just restriction to a smaller set of ports. This could be good behind restrictive firewalls, though. The router-side part is a little iffy: routers that can't connect to each other violate one of our network topology assumptions, and even if we do want to track failed router->router connections, the routers need to be sure that they aren't fooled into trying to connect repeatedly to a series of nonexistent addresses in an attempt to make them believe that (say) they can't reach port 443. This one is a paradigmatic "open" proposal: it needs more discussion. The patch probably also needs to be ported to 0.2.3.x; it touches some code that has changed. (5/2011) 157 Make certificate downloads specific This proposal added cross-certification and signing-key-specific download URLs for directory authority certificates. It is IIRC mostly implemented on the server side; there are just some SHOULDs that we should turn into MUSTS if all sufficiently old authority certificates are now obsolete, and a client-side portion that we need to implement. (6/2012) 159 Exit Scanning This is an overview of SoaT, with some ideas for how to integrate it into Tor. (5/2011) 162 Publish the consensus in multiple flavors The initial proposal here is done, but more work is needed for forward-compatibility: we'd like to have caches be willing to cache and serve consensus flavors which they do not currently recognize. (6/2012) 164 Reporting the status of server votes This proposal explains a way for authorities to provide a slightly more verbose document that relay operators can use to diagnose reasons that their router was or was not listed in the consensus. These documents would be like slightly more verbose versions of the authorities' votes, and would explain *why* the authority voted as it did. It wouldn't be too hard to implement, and would be a fine project for somebody who wants to get to know the directory code. (5/2011) 165 Easy migration for voting authority sets This is a design for how to change the set of authorities without having a flag day where the authority operators all reconfigure their authorities at once. It needs more discussion. One difficulty here is that we aren't talking much about changing the set of authorities, but that may be a chicken-and-egg issue, since changing the set is so onerous. If anybody is interested, it would be great to move the discussion ahead here. (5/2011) 168 Reduce default circuit window This proposal reduces the default window for circuit sendme cells. I think it's implemented, isn't it? If so, we should make sure that tor-spec.txt is updated and close it.XXXXXXX (5/2011) 172 GETINFO controller option for circuit information 173 GETINFO Option Expansion These would help controllers (particularly arm) provide more useful information about a running Tor process. They're accepted and some parts of 173 are even implemented: somebody just needs to implement the rest. (5/2011) 175 Automatically promoting Tor clients to nodes Here's Steven's proposal for adding a mode between "client mode" and "relay mode" for "self-test to see if you would be a good relay, and if so become one." It didn't get enough attention when it was posted to the list; more people should review it. (5/2011) 177 Abstaining from votes on individual flags Here's my proposal for letting authorities have opinions about some (flag,router) combinations without voting on whether _every_ router should have that flag. It's simple, and I think it's basically right. With more discussion and review, somebody could/should build it for 0.2.4.x, I think. (6/2012) 182 Credit Bucket This proposal suggests an alternative approach to our current token-bucket based rate-limiting, that promises better performance, less buffering insanity, and a possible end to double-gating issues. (6/2012) 185 Directory caches without DirPort The old HTTP directory port feature is no longer used by clients and relays under most circumstances. The proposal explains how we can get rid of the requirement that non-bridge directories have an open directory port. (6/2012) 186 Multiple addresses for one OR or bridge This one is partially implemented, in that bridges can have IPv6 addresses. Still to go: we need to let ORs have IPv6 addresses too. Undecided: is one IPv4 and one IPv6 enough for anybody? (6/2012) 188 Bridge Guards and other anti-enumeration defenses This proposal suggests some ways to make it harder for a relay on the Tor network to enumerate a list of Tor bridges. Worth investigating and possibly implementing. (6/2012) 189 AUTHORIZE and AUTHORIZED cells 190 Bridge Client Authorization Based on a Shared Secret 191 Bridge Detection Resistance against MITM-capable Adversaries Proposal 187 reserved the AUTHORIZE cell type; these proposals suggests how it could work to try to make it harder to probe for Tor bridges. They need more alternatives and attention, and possibly some revision and analysis. (6/2012) 192 Automatically retrieve and store information about bridges This proposal gives an enhancement to the bridge information protocol, where clients remember more things about bridges, and are able to update what they know about them over time. Could help a lot with bridge churn. (6/2012) 194 Mnemonic .onion URLs Here's one of several competing "let's make .onion URLs human-usable" proposals. This one makes sentences using a fixed map. (6/2012) 195 TLS certificate normalization for Tor 0.2.4.x Here's the followup to proposal 179, containing all the parts of proposal 179 that didn't get built, and a couple of other tricks besides to try to make Tor's default protocol less detectable. I'm pretty psychoed about the part where we let relays drop in any any self-signed or CA-issued certificate that they like. (6/2012) 196 Extended ORPort and TransportControlPort Here are some remaining pieces of the pluggable transport protocol that give Tor finer control over the behavior of its transports. (6/2012) 197 Message-based Inter-Controller IPC Channel This proposal is for an architectural enhancement in Tor deployments, where Tor coordinates communications between the various programs (Vidalia, TorBrowser, etc) that are using it. (6/2012) 198 Restore semantics of TLS ClientHello Partially implemented. We have the new client behavior in place in 0.2.3.x, but not the new server behavior which it permits. (6/2012) 199 Integration of BridgeFinder and BridgeFinderHelper Here's a proposal for how Tor can integrate with a client program that finds bridges for it. (6/2012) 200 Adding new, extensible CREATE, EXTEND, and related cells We'd like to moved to better authentication and key agreement mechanisms in future versions of Tor. This proposal gives us an extensible replacement for our current CREATE/CREATED cell mechanism. (6/2012) 201 Make bridges report statistics on daily v3 network status requests Here's a proposal for bridges to better estimate the number of bridge users. (6/2012)

5 5

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-dev July 2012