Quoting the whole message in my reply, since we're moving this to tor-dev where it belongs.
On Wed, Mar 23, 2011 at 1:36 PM, Robert Ransom rransom.8774@gmail.com wrote:
On Wed, 23 Mar 2011 12:54:17 -0400 Nick Mathewson nickm@freehaven.net wrote:
On Wed, Mar 23, 2011 at 8:10 AM, George Kadianakis desnacked@gmail.com wrote:
Hey Robert and Nick,
I hate bureaucratic procedures and yet I have to send my GSoC application 'till the 8th of April; so I want to get done with it.
My application should have "a project proposal, why you'd like to execute on this particular project, and the reason you're the best individual to do so." (that was taken from GSoC FAQ).
So regarding the project proposal, I talked with Robert yesterday and he told me: 02:18:24 <rransom> asn: Implementing the new circuit protocol will be a good GSoC project for you. I think identity key migration (and thus link protocol migration) will require too much beyond the new circuit protocol. I suppose that by "new circuit protocol" you mean the section 3.2 of xxx-crypto-migration.txt, Robert.
How do you feel about this, Nick?
It could be helpful. I don't have a good sense of how much work this would be, since I don't have a good sense of what the new protocol would actually be. Robert -- how would you think this would break down into a summer's worth of work?
The first step in the Great Tor Crypto Migration is to add new CREATE2 and EXTEND2 RELAY cell types. They can be used with the existing circuit-extension handshake and link protocol initially, but will be extensible to support new ones.
Further steps, all independent of each other:
- Add 128-byte and 2048-byte RELAY cells and a circuit-configuration
cell, initially to allow the client to change the cell size to be used on a circuit.
- Refactor Tor's cryptographic primitive abstractions to accommodate
public-key encryption primitives, public-key signature primitives, symmetric authenticated encryption, symmetric block encryption, and hashes.
- Implement one or more new link protocols that do not constrain a
relay's choice of identity key cryptosystem.
Further mutually independent steps building on those above:
- Modify the directory protocol and implementation to support relays
with multiple identity keys.
- Implement a new circuit-extension handshake (the part that involves
‘onionskins’).
- Implement a new circuit ciphersuite (the part that mangles cell data
so that relay A can't see what data relay C sees).
Hm. These steps all stretch pretty far beyond what's just described in 3.2 of xxx-crypto-migration. I think they're probably more than we can promise to design before summer, and possibly more than a typical gsoc scope all put together.
I'm also a little concerned about the interaction of 3.2 and 3.3 ("Relay crypto") : I'll be surprised if it turns out that we can design a good circuit extend protocol without thinking about the countours of a new relay protocol. (Not that you'd have to build both at once, but we should think about them all as we design.)
It's actually the other way around -- we need a new EXTEND cell before we can use a new link protocol. (Otherwise, we would have to build in a covert channel (i.e. a backdoor for people who want to block Tor by handshake) in the new link protocol to indicate client and server link protocol versions, and that really *really* sucks.)
I'm talking about the stuff in 3.3: the relay protocol, where we process cells. Link protocol stuff is 3.1.
Also, I'm talking about *design order*, not *implementation order*: The different parts of the Tor protocol are not sufficiently orthogonal that we can do them independently. Thus, we need to get most of the design changes sketched out before we can be reasonably say that any part of the redesign does what the other parts need.
Maybe we should get a protocol sketch together this week if the app is due April 8.
Yes. I have the EXTEND2 cell draft written; I bogged down on writing explanatory text (I thought I didn't have enough in the draft, but didn't know what to add).
Either way, I think this might be drifting into design work, so if there are no objections, I'd suggest that we follow up on the tor-dev mailing list. :)
Good idea.
Robert Ransom