[tor-dev] Rewriting tor-spec to be crypto agnostic
nickm at alum.mit.edu
Thu Nov 3 02:12:27 UTC 2011
On Wed, Nov 2, 2011 at 9:25 PM, Watson Ladd <watsonbladd at gmail.com> wrote:
> Dear all,
> I'm busy rewriting tor-spec (well, mangling it) to be crypto agnostic
> (read: shoving hard choices to later). In the process I am trying to
> make it a bit clearer.
Hi, Watson! Some initial thoughts to observe or ignore as you see fit:
It's best to do stuff like this in multiple small steps if you want it
merged upstream. That way, if we like 80% of what you're doing, we
can merge the 8/10 pieces we like right away and keep talking about
the remaining 2/10. (For instance, stuff that improves clarity should
definitely go in.)
It's also a good idea to remember that the tor-spec.txt isn't just a
design for a possible anonymity net: it's a writeup for how Tor
actually works. So anything that changes its semantic meaning is
un-mergeable unless Tor itself gets changed. The process for doing
that is the proposal system documented in the tor-spec repository,
proposal 001. So it's probably best to make sure you keep any
semantic changes separate.
> The spec seems to hold open the possibility that nodes not on the two
> ends of a circuit can send recognized RELAY cells (the role of OPs in
> RELAY cells is also unclear). Is this the case, or is this not
> supported given that there are no points at which the spec explicitly
> calls for them to be sent?
This is the "leaky pipe topology" as documented in the tor-design
paper, which you should probably read. It is indeed intentional.
More information about the tor-dev