[or-cvs] r13478: Update TODO with TLS progress. (in tor/trunk: . doc)

nickm at seul.org
Tue Feb 12 04:45:12 UTC 2008


Author: nickm
Date: 2008-02-11 23:45:11 -0500 (Mon, 11 Feb 2008)
New Revision: 13478

Modified:
   tor/trunk/
   tor/trunk/doc/TODO
Log:
 r18043 at catbus:  nickm | 2008-02-11 23:45:07 -0500
 Update TODO with TLS progress.



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r18043] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: tor/trunk/doc/TODO
===================================================================
--- tor/trunk/doc/TODO	2008-02-12 04:43:25 UTC (rev 13477)
+++ tor/trunk/doc/TODO	2008-02-12 04:45:11 UTC (rev 13478)
@@ -60,32 +60,15 @@
 N - Before the feature freeze:
     - 105+TLS, if possible.
       . TLS backend work
-        - New list of ciphers for clients
-        o Servers detect new ciphers, and only send ID cert when they
-          get an older cipher list, and only request client cert when
-          they get an older cipher list.
-        . Clients only send certificates when asked for them.
-          o Implement
-          - Enable
-        o Servers disable callback once negotiation is finished, so
-          that renegotiation happens according to the old rules.
-        o Clients initiate renegotiation immediately on completing
-          a v2 connection.
-        o Servers detect renegotiation, and if there is now a client
-          cert, they adust the client ID.
-          o Detect.
-          o Adjust.
-        o Better cname and organizationName generation.
-      o New revised handshake: post-TLS:
-        o start by sending VERSIONS cells
-        o once we have a version, send a netinfo and become open
-        o Ban most cell types on a non-OPEN connection.
+        . Enable.
       - Test
         o Verify version negotiation on client
-        - Verify version negotiation on server
-        . Verify that client->server connection becomes open
+        o Verify version negotiation on server
+        o Verify that client->server connection becomes open
         - Verify that server->server connection becomes open and
           authenticated.
+        - Verify that initiator sends no cert in first stage of TLS
+          handshake.
       - NETINFO fallout
         - Don't extend a circuit over a noncanonical connection with
           mismatched address.
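Review bot: The new ". Enable." entry under "TLS backend work" no longer says what is to be enabled, because its former parent line ("Clients only send certificates when asked for them.") is deleted in the same hunk. Suggest carrying the description onto the item itself, for example ". Enable: clients only send certificates when asked for them." Separately, "- New list of ciphers for clients" is removed while still marked "-" rather than "o", so either keep it or record it as done before dropping it; otherwise the list loses track of work that the removed server-side items (detecting "new ciphers" versus "an older cipher list") depend on. The added test entry "Verify that initiator sends no cert in first stage of TLS handshake" is the natural check for the Enable item and would read more clearly if the two were cross-referenced.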


