Hello,
I have been planning on learning more about tors code base for sometime now. Luckily, I might have some freetime for the next two weeks and I am hoping to put it to good use.
After digging through tickets labelled as "easy" on trac, #16846 seemed like a decent cadidate for to me. There was some discussion on trac about the security impact of adding the feature, but that was three months ago.
I was wondering if anyone could shed more light on it.
#16846 is "Include sizeof(void *) in your extrainfo."
It's not ready to be implemented, it needs more thought / discussion.
The security concerns on the ticket have not changed in the last 3 months - identifying each relay's architecture would allow relays to be targeted for attacks that are more likely to succeed on their architecture. (In particular, 32-bit i386 tor builds typically have fewer protections due to lack of processor features.) We might need to rethink how to collect the total number of 32- and 64- bit platforms in aggregate form, rather than adding it to the extrainfo descriptor.
If you choose a ticket that's marked easy, and is non-controversial (that is, it has no negative security implications), patches will be more likely to be accepted.
You could try one of the following:
Tor should leave its own fingerprint out of its family line
(filtering the list of MyFamily fingerprints to exclude any digests where router_digest_is_me(digest) is true)
Add AccountingRule in and out
(add additional AccountingRule options that only measure traffic in or out)
Tor should warn users when traveling backwards through time
(refactoring common code out of connection_dir_client_reached_eof and or_state_load)
clear_status_flags_on_sybil might want to clear more flags
(future-proof this function by zeroing out the entire structure, then copying the flags we know we want)
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP 968F094B
teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F