[tor-reports] George's status report: July 2014

Sat Aug 2 16:46:47 UTC 2014

# Activites of July 2014

- Continued work on guard security:

  Made some progress on #12595, designing a better interface and data
  structures for entry guards. That is, some system that will ensure
  that entry guard order is always respected and no entry guard skips
  (like #12466 and #12450) can happen. Nick suggested formalizing the
  wanted interface a bit, and specifying inputs/outputs and the
  various events that can happen.

  Helped Roger with #12690 and #12688 which are now merged and
  initiate the deployment of proposal 236. Specifically, they add a
  consensus parameter that makes the number of guard configurable [0],
  and also increases the bandwidth requirement for being a guard from
  250KB/s to 2MB/s [1]. Roger released tor-0.2.5.6-alpha with those
  patches and authorities will need to upgrade to it.

  I also started a [tor-dev] thread [2] on guard discovery attacks and
  possible ways of patching them. Specifically, we considered making
  the middle nodes a bit more static, but the idea was quickly shot
  down by Ian [3]. More research needs to happen in this area because
  it's a threatening problem.

- During the Tor meeting in Paris, and with the help of Yawning and
  Ximin, we sketched an initial PT roadmap. We tried to peek in the
  following months and write down our short-term and medium-term
  plans. You can find it in the wiki [4]. The roadmap is not entirely
  done yet, and will likely be revised in the upcoming weeks.

  I also sent an email to [tor-dev] [5] asking what little-t-tor PT
  features we should consider in the roadmap. Got some useful feedback
  by David and Kevin that needs to be considered.

- Did some obfsproxy maintainance.

  I merged Philipp's remaining scramblesuit patches (#11271).

  I tried to fix #12381 but that revealed a bigger problem with
  pywin32 and py2exe that makes obfsproxy/FTE with proxy support
  unbuildable for Windows. Georg was looking into it.

  I tagged a new obfsproxy release.

- The new PT spec got merged to torspec.git [6]! Feel free to submit
  patches and improvements.

- Discussed the bridge reachability problem with the OONI team. We all
  agreed that bridge reachability is a very important topic where OONI
  could be used, and the OONI team has been looking into it [7].
  The OONI team has also scheduled weekly meetings in IRC.

  The project is aiming to be a system that can evaluate whether Tor
  (and specific PTs) are blocked from various jurisdictions all around
  the world. Ideally, the data should be exposed to Tor devs (so that
  we learn which PTs and bridge distribution methods have been
  busted), to Tor users through BridgeDB (so that they are only given
  bridges that will work for them) and also to the general curious
  public (who is interested on whether Tor works from a specific area).

  The relevant trac ticket is #12544.

# Activites for August 2014

- More work on the guard stuff.

  The next pieces to proposal 236 is #12598, increasing the lifetime
  period of guards (it's currently 3 months) [8], and #9321, fixing
  the guard usage decline problem [9].

  On #12598, we are still a bit unsure whether 9 months is the best
  choice to increase guard lifetime to, as it was originally suggested
  by proposal 236. We will have to see how much the security improves
  by increasing the guard lifetime to less months (5 or 6), because
  these might be better choices than 9 months. We also need to
  understand how we change security by only switching to one guard,
  without changing the guard lifetime period at all.

  On #9321, I started working on the python script that crunches
  consensus documents to output how old each guard is. This will help
  us load balance traffic better, since young guards don't get much
  traffic on their own. I started a [tor-dev] thread [10] to discuss
  some initial findings and during August I will integrate the python
  script with Tor. I will soon publish the source code of the script
  in case someone is in the mood for review.

  Another project that needs to happen to increase guard security
  is #1258, which will make all relays also be directory servers. This
  is essential so that all entry guards can eventually also become
  directory guards. Matt posted a draft proposal to [tor-dev] [11]
  that will need to be reviewed and eventually implemented. I will try
  to help with this project.

- Revisit the rough PT roadmap with Yawning and identify missing items
  that we should do. Also, read the relevant [tor-dev] thread [12] to
  collect more ideas.

- Help Marc Juarez with the problems he has been facing with obfsproxy
  and wfpadtools [13].

- Work on the bridge reachability problem with the OONI team. We were
  also discussing a potential code sprint in Europe during Q3 2014, to
  accelerate the project more.

- The Pluggable Transports-part of the website needs to be
  improved. The installation instructions need to be improved too, and
  they need to mention more PTs (like FTE). I need to do this, or find
  someone who is interested in doing it :)

Have a good day!

[0]: https://gitweb.torproject.org/torspec.git/blob/2180422f4a1fd51ea25fa3822c830581f7a56c43:/proposals/236-single-guard-node.txt#l24
[1]: https://gitweb.torproject.org/torspec.git/blob/2180422f4a1fd51ea25fa3822c830581f7a56c43:/proposals/236-single-guard-node.txt#l145

[2]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007122.html
[3]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007123.html

[4]: https://trac.torproject.org/projects/tor/wiki/org/meetings/2014SummerDevMeeting/Roadmaps#PT

[5]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007128.html

[6]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/pt-spec.txt

[7]: https://lists.torproject.org/pipermail/ooni-talk/2014-July/000003.html

[8]: https://gitweb.torproject.org/torspec.git/blob/2180422f4a1fd51ea25fa3822c830581f7a56c43:/proposals/236-single-guard-node.txt#l69
[9]: https://gitweb.torproject.org/torspec.git/blob/2180422f4a1fd51ea25fa3822c830581f7a56c43:/proposals/236-single-guard-node.txt#l101

[10]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007269.html
[11]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007247.html

[12]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007128.html

[13]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000606.html