[tor-dev] Let's identify which measurement-related tools need work when relays switch from RSA identities to ed25519 identities

Tue Sep 8 13:51:49 UTC 2015

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everyone,

Sebastian suggested to me in one of our last measurement team 1-1-1
task exchange rounds [0] to think about the following question:

Which measurement-related tools need work when relays switch from RSA
identities to ed25519 identities?

You'll find below what I came up with.  Please send any feedback and
corrections to this list.  I'll incorporate everything and send an
updated document to this list next week.  Thanks!

All the best,
Karsten

The switch from RSA to ed25519 will happen in multiple steps (need to
confirm these!):

 0. Before ed25519 identities were used, each relay had a unique RSA
identity.
 1. Relays can create an optional ed25519 identity, change it, or stop
using it at will.
 2. Relays can create an ed25519 identity, but are not allowed to
change it or stop using it.
 3. Relays can stop using their earlier RSA identity.
 4. Relays only use their ed25519 identity.

(Add a notion of timeframe here.  It seems unlikely that 3 or even 4
will happen before 2017 or even 2018, given how long it takes to
deploy a new major Tor version in the network.  Sebastian thinks that
the timeline may not contain step 1.)

## Directory authority tools: Torflow, Guardfraction

There are several tools that provide data to directory authorities for
voting on relays.  These tools include bandwidth authorities and the
yet-to-be-finished Guardfraction tool.  They will have to handle new
ed25519 identities and provide their data in a format that directory
authorities will be able to use for voting.

## Network health scanners: Exitmap, Sybilhunter

It's unclear how much work remains to update network scanners like
Exitmap and Syilbhunter.

## Descriptor parsing libraries: metrics-lib, Stem, Zoossh

Descriptor parsing libraries need to support parsing new fields and
later need to support that fields containing RSA fingerprints have
become optional.  Stem has already implemented ed25519 identities, and
there's Java code that metrics-lib could re-use in CollecTor's bridge
descriptor sanitizer.  Zoossh is probably not updated yet.

## Descriptor archiver: CollecTor

The part of CollecTor that archives relay descriptors relies heavily
on RSA identities and SHA-1 digests.  This includes its implementation
of the Tor directory protocol and its structure for storing fetched
descriptors in tarballs.

Another part of CollecTor that needs to be updated is the bridge
descriptor sanitizer.  That is already done to the extent of
sanitizing ed25519-related descriptor lines.  The part that is not
updated yet is the tarball structure that still uses SHA-1 digests.

## Network health checkers: DocTor, DepicTor

Network health checkers like DocTor and DepicTor use relay
fingerprints, but they focus more on network consensus meta data
provided by the directory authorities.  Updating to ed25519 identities
shouldn't be hard.

## Statistics portal: Metrics

Most of the data-aggregating modules behind the Metrics website use
RSA identities to ensure uniqueness of reported statistics.  Switching
to another fingerprint format or length should be doable, but will
cause some effort.

## Relay address database: ExoneraTor

The relay address database ExoneraTor only uses the RSA identity to
ensure uniqueness of database entries and for display purposes.
Supporting new identities should not be that difficult.

## Onionoo server and clients: Onionoo, Atlas, Globe, Compass,
OnionTip, Roster

The Onionoo server heavily depends on RSA fingerprints of relays and
hashed RSA fingerprints of bridges, both internally and in its API.
Supporting ed25519 identities in addition to RSA fingerprints would
not be hard, but stopping to support RSA fingerprints will require
rewriting major parts of Onionoo.

Onionoo clients use the RSA fingerprint provided by the Onionoo server
to uniquely identify relays and bridges.  They will have to adapt to
changes in Onionoo that would first support ed25519 identities and
later stop supporting RSA fingerprints.  This shouldn't be difficult.

## OONI

It's unclear how much effort is needed to update OONI to support new
ed25519 identities.

## Exit address scanners: TorDNSEL, TorBEL, Check

TorDNSEL and its planned successor TorBEL include RSA identities in
their output format.  It might be sufficient to simply add ed25519
identities there and leave out RSA identities once they are not used
anymore.  Check will have to be updated to understand these new formats.

[0] 1-1-1 task exchange: you get 1 minute to describe a task that
would take somebody else roughly 1 hour and that they will do for you
within 1 week (review a document, write some analysis code, fix a
small bug, etc.; better come prepared to get the most out of this;
give 1, take 1)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQEcBAEBAgAGBQJV7uf1AAoJEJD5dJfVqbCrBJUH/A78UIeNy5UIvctO6EjMp6KU
XXeB7jxDoA9RmdhNV7v5MzhSCjblQLfG5tyLmeFV/opX+xG0fMvqFdUB9jupXccV
HQXLjeSuNF4Tenayn3W49EUF/O75BHcfwe0fHzmV8KEIhPf66KQn6gNBFFnWr4S0
OfvoSWbIb9Wu7hCya4C7J69FVAhwXPH8JpgpSpKLFYSZWQo1aKbgVqBDKNe/lmrV
UO04Ws/O04osG9WWX/HcZgSCfSaN68nBMllnu0yCTJY+fEqFruxYhAaZZV6tXIfG
E66vZc2K3S6Rk/1nwHEkNeZKCfjyRG1LthzH28HdCEMzl1mdQhUPkJawNaQXoDM=
=rXAd
-----END PGP SIGNATURE-----