On Wed, Nov 2, 2011 at 9:25 PM, Watson Ladd watsonbladd@gmail.com wrote:
Dear all, I'm busy rewriting tor-spec (well, mangling it) to be crypto agnostic (read: shoving hard choices to later). In the process I am trying to make it a bit clearer.
Hi, Watson! Some initial thoughts to observe or ignore as you see fit:
It's best to do stuff like this in multiple small steps if you want it merged upstream. That way, if we like 80% of what you're doing, we can merge the 8/10 pieces we like right away and keep talking about the remaining 2/10. (For instance, stuff that improves clarity should definitely go in.)
It's also a good idea to remember that the tor-spec.txt isn't just a design for a possible anonymity net: it's a writeup for how Tor actually works. So anything that changes its semantic meaning is un-mergeable unless Tor itself gets changed. The process for doing that is the proposal system documented in the tor-spec repository, proposal 001. So it's probably best to make sure you keep any semantic changes separate.
The spec seems to hold open the possibility that nodes not on the two ends of a circuit can send recognized RELAY cells (the role of OPs in processing RELAY cells is also unclear). Is this the case, or is this not supported given that there are no points at which the spec explicitly calls for them to be sent?
This is the "leaky pipe topology" as documented in the tor-design paper, which you should probably read. It is indeed intentional.
cheers,