[tor-dev] Rewriting tor-spec to be crypto agnostic

Nick Mathewson nickm at alum.mit.edu
Thu Nov 3 02:12:27 UTC 2011


On Wed, Nov 2, 2011 at 9:25 PM, Watson Ladd <watsonbladd at gmail.com> wrote:
> Dear all,
> I'm busy rewriting tor-spec (well, mangling it) to be crypto agnostic
> (read: shoving hard choices to later). In the process I am trying to
> make it a bit clearer.

Hi, Watson!  Some initial thoughts to observe or ignore as you see fit:

It's best to do stuff like this in multiple small steps if you want it
merged upstream.  That way, if we like 80% of what you're doing, we
can merge the 8/10 pieces we like right away and keep talking about
the remaining 2/10.  (For instance, stuff that improves clarity should
definitely go in.)

It's also a good idea to remember that the tor-spec.txt isn't just a
design for a possible anonymity net: it's a writeup for how Tor
actually works.  So anything that changes its semantic meaning is
un-mergeable unless Tor itself gets changed.  The process for doing
that is the proposal system documented in the tor-spec repository,
proposal 001.  So it's probably best to make sure you keep any
semantic changes separate.

> The spec seems to hold open the possibility that nodes not on the two
> ends of a circuit can send recognized RELAY cells (the role of OPs in
> processing RELAY cells is also unclear). Is this the case, or is this not
> supported given that there are no points at which the spec explicitly
> calls for them to be sent?

This is the "leaky pipe topology" as documented in the tor-design
paper, which you should probably read.  It is indeed intentional.

cheers,
-- 
Nick

