Hi all :)
This is my monthly status report for September 2023 with the main relevant activities I have done during the period.
## 0. Research
### Certificates
The work for bringing TLS certificates for Onion Services was focused in the ACME for Onions proposal (https://acmeforonions.org).
There were a series of relevant updates both on IETF ACME and on the CA/B Forum's Validation working groups:
* https://lists.cabforum.org/pipermail/validation/2023-September/001927.html * https://magicalcodewit.ch/cabf-2023-09-07-slides/ * https://mailarchive.ietf.org/arch/msg/acme/LMYC_Ou41E_9RuaVSYPr7SIhCCc/ * https://github.com/AS207960/acme-onion/issues/2
I focused in:
* Helping to figure ways that CAA and .onion descriptors could be handled by ACME client and servers. I'm still compiling the list of options for an ACME server to parse and validate an Onion Service descriptor.
* Doing a documentation update about CAA checking: https://tpo.pages.torproject.net/onion-services/onionplan/appendixes/acme/#c... https://gitlab.torproject.org/tpo/onion-services/onionplan/-/commit/02341735...
## Tor Browser Quality Assurance for Onion Services (TBB .onion QA)
I have completed the first three quarters of Tor Browser QA testing (since 2023.Q1).
### Testbed
* Since this QA process started, it's methodology and tooling was bootstrapped and improved.
* Some basic tests were defined to happen at every Tor Browser release (when applicable).
* Additional, specific tests were also defined to check for specific and potential issues.
* The "Faulty Onions" project was prototyped, and is intended to provide test Onion Services with different errors to check how Tor Browser and other applications handles them. More details to be expected soon.
* A few alternatives for test automation were researched, to consider whether some of the regular tests can be automated.
* Public documentation remains yet to be done.
### Versions tested
Eleven Tor Browsers versions were formally tested:
* 12.5.1 * 12.5.2 * 12.5.3 * 12.5.4 * 12.5.5 * 12.5.6 * 13.0a1 * 13.0a2 * 13.0a3 * 13.0a4 * 13.0a5
## 1. Development
### Onionprobe
* Onionprobe 1.1.2 was released: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/blob/main/Chan...
## 2. Support
### Documentation Hackweek
As a preparation for the upcoming [Hackweek][], I have submitted four project proposals:
* Onion MkDocs tryout: https://gitlab.torproject.org/tpo/community/hackweek/-/issues/13
* Onion TeX Slim enhancements: https://gitlab.torproject.org/tpo/community/hackweek/-/issues/14
* Onion Reveal coding and documenting: https://gitlab.torproject.org/tpo/community/hackweek/-/issues/15
* Etherpad management: https://gitlab.torproject.org/tpo/community/hackweek/-/issues/16
I'm planning to work in just one of these projects, depending in which one is more popular or gets more attention. I'm also looking for people that wants to form a team, or even adopt one of these proposals.
Please leave a comment, subscribe yourself or add your user name into the ticket description if you're interested :)
[Hackeek][]: https://lists.torproject.org/pipermail/tor-project/2023-August/003675.html
### Maintenance
* I also did the ongoing sponsored work with deployment, maintenance and monitoring of Onion Services.
## 3. Organization
Time spent (from the total available for Tor-related work):
| Category | Percentage |---------------|------------ | Research | 57 | Development | 1 | Support | 9 | Organization | 33 |---------------|------------ | Total | 100