[tor-reports] Isis' March 2014 status report

isis isis at torproject.org
Mon May 5 15:27:25 UTC 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# -*- coding: utf-8; mode: org; -*-
*** status report 2013/03
**** Isis' March 2014: Review

In March 2014, I:

 * Deployed the new CAPTCHA generation system on
   https://bridges.torproject.org and fixed several subsequent bugs in
   it. (#10809, #11218, #11219, #11314, #11377)

 * Created unittests for the `bridgedb.HTTPServer` module, which was
   previously largely untested, and which runs the web interface.

 * Triaged all the BridgeDB tickets on Trac to comment and close outdated
   tickets, which is part of the reason why so many old tickets in the
   BridgeDB component appear in my "Tickets worked on" list this month.

 * Fixed several bugs in Leekspin so that BridgeDB could use the updated
   version (0.1.3). [0] I also created a Tor Project git repo for leekspin,
   since it should be relevant to other Tor projects which might wish to test
   against mocked descriptors. [1]

 * Did a lot of code review for BridgeDB tickets which were worked on by
   other people, including sysrqb and wfn. Sysrqb contributed a series of
   rather brilliant patches to fix numerous threading issues in BridgeDB's
   database transaction design (#5232). [2] A patch was contributed by wfn to
   make the new CAPTCHA system case-insensitive. [3]

 * Worked with wfn to create a GSoC proposal for implementing a BridgeDB
   distributor to hand out bridges via Twitter DMs.

[0]: https://pypi.python.org/pypi/leekspin
[1]: https://gitweb.torproject.org/user/isis/leekspin.git
[2]: https://gitweb.torproject.org/user/sysrqb/bridgedb.git/refs/heads/bug5232_adding_concurrent_processing_squashed_r1
[3]: https://gitweb.torproject.org/bridgedb.git/commitdiff/dd9e75ba234d2d4aad90aedb0bf163d8bb13811b

**** Tickets worked on in March 2014:
***** Component: Website (1 match)
#11204 Core People page not up-to-date

***** Component: Torflow (1 match)
#5464 Decentralized measurement for network load balancing

***** Component: TorBrowserButton (1 match)
#9906 TBB3 new identity surprises users by closing all tabs

***** Component: Tor bundles/installation (5 matches)
#10425 tor's geoip6 file is missing in TBB-3.5 and hardcoded to a gitian-builder path
#9444 Create deterministic TorBrowserBundles with Pluggable Transports
#10198 TBB 2.3.25-15 crashes on Debian w/Google Drive
#10383 TBB 3.5's OpenSSL was not built with NIST P224 and P256 curve support
#10538 Think of PTTBB's pluggable transport interface

***** Component: Tor Sysadmin Team (1 match)
#11220 Update python-twisted package on ponticum
***** Component: Tor Support (1 match)
#10890 Redirect “get bridges” messages automatically

***** Component: Tor Launcher (2 matches)
#10418 Make a "Use Default Bridges" Radio button in the Tor Launcher Bridge UI
#11343 TorLauncher's UI should warn users when a bridge fingerprint appears to be incomplete

***** Component: Tor (5 matches)
#6546 Replace check.tp.o with internal mapaddress + JSON/XML object
#9498 Allow bridge descriptors to contain no address if they are not being published
#9729 Make bridges publish additional ORPort addresses in their descriptor
#10849 tunneldirconns 0 makes hidden services publish descriptors over http --  and they're refused
#11101 Bridges should report implementation versions of their pluggable transports

***** Component: Stem (1 match)
#11257 Stem believes that all bridge-extrainfo-descriptors have a 'router-digest' field
***** Component: Service - git (1 match)
#11221 Please create a user/isis/leekspin.git repo

***** Component: Pluggable transport (1 match)
#10671 Pluggable Transports: Improve method of transferring parameters to client-side transports

***** Component: Orbot (1 match)
#5096 Support transferring bridge addresses in QR codes

***** Component: BridgeDB (45 matches)
#1562 Expand the list of email providers for bridge requests
#4380 Complete BridgeDB upgrades phase 1
#5232 Import bridges into BridgeDB in a separate thread and database transaction
#7296 Make bridges.torproject.org more user friendly
#7520 Design and implement a social distributor for BridgeDB
#7547 BridgeDB email response is confusing
#7550 BridgeDB email responder is not interactive
#8614 BridgeDB should be able to return multiple transport types at the same time
#8616 Improve the interface of the mail distributor of BridgeDB
#9127 Users can't ask for ipv6 bridges with the new bridgedb interface
#9156 BridgeDB: Users try to add obfsbridges to their normal TBB
#9174 Bridgedb obfs detection not relieable
#9264 Problem with transport lines in BridgeDB's bridge pool assignment files
#9277 BridgeDB's handling of config files is non-persistent and uses an old-style class
#9316 BridgeDB should export statistics
#9425 Create and document a better BridgeDB (re)deployment strategy
#9615 Copy current BridgeDB deployment scripts into admin/bridgedb-admin repo
#9865 Create a test harness for BridgeDB
#9874 Research/design a way to automate testing of BridgeDB's HTTPS and email distributors
#10003 BridgeDB's DKIM validator seems to be broken
#10417 BridgeDB should be built and tested on Jenkins
#10446 BridgeDB is/was using a GeoIP module which is incompatible with virtualenvs
#10723 Create a staging instance for BridgeDB
#10724 Make BridgeDB's use of Stability.addOrUpdateBridgeHistory() configurable.
#10803 bridges.torproject.org still mentions Vidalia
#10809 reCAPTCHA on bridges.torproject.org are impossible to solve for humans
#10831 Captchas are not accessible for blind users
#10989 bridgedb should use starttls for outgoing mails
#11127 reCaptcha verification is hardcoded to use plaintext HTTP
#11139 BridgeDB's email whitelist should include @riseup.net
#11140 Remove yahoo.com from BridgeDB's email whitelist.
#11196 BridgeDB should use leekspin
#11215 Add timestamp/expiry to HMAC verification code in BridgeDB's local CAPTCHAs
#11216 BridgeDB is parsing PTs from `cached-extrainfo*` files cumulatively
#11218 bridgedb.HTTPServer.ReCaptchaProtectedResource.checkSolution() doesn't expect a deferred
#11219 BridgeDB's twisted version doesn´t have a `t.w.client.HTTPConnectionPool` class
#11231 BridgeDB's txrecaptcha returns the "No bridges available!" page if 'captcha_response_field' is blank
#11297 'No bridges currently available' if you want IPv6
#11330 Create a Hash Ring For Each Allowed Domain in the Email Distributor
#11345 BridgeDB should have QR codes for bridge lines
#11346 BridgeDB should link to the BridgeDB homepage somewhere
#11347 BridgeDB should have a separate landing page for TorLauncher users
#11370 Compose messages using email package instead of MimeWriter
#11377 New BridgeDB GimpCaptcha should be case insensitive (or should say it's sensitive)

**** In April 2014, I plan to work on:

  * Updating the UI for BridgeDB's email and HTTPS distributors.
  * Cleaning up BridgeDB's distributor API to make it easier to both
    implement new distributors and run distributors on different machines
    than those which manage database interactions.

**** Relevant Papers/Research:

Bellare, Mihir, et al.
  "The one-more-RSA-inversion problems and the security of Chaum's blind signature scheme."
  Journal of Cryptology 16.3 (2003): 185-215.
  http://eprint.iacr.org/2001/002.pdf

Bellare, Mihir, Michel Abdalla, and C. Namprempre.
  "From identification to signatures via the Fiat-Shamir transform:
   Minimizing assumptions for security and forward-security."
  Advances in Cryptology—EUROCRYPT 2002. Springer Berlin Heidelberg, 2002.
  https://cseweb.ucsd.edu/~mihir/papers/id-sig.pdf

Camenisch, Jan, and Anna Lysyanskaya.
  "Signature schemes and anonymous credentials from bilinear maps."
  Advances in Cryptology–CRYPTO 2004. Springer Berlin Heidelberg, 2004.
  http://static.cs.brown.edu/people/anna/papers/cl04.pdf

Camenisch, Jan, Susan Hohenberger, and Anna Lysyanskaya.
  "How to Win the Clone Wars: Efficient Periodic n-Times Anonymous Authentication."
  Proceedings of the 13th ACM conference on Computer and communications security.
  ACM, 2006.
  http://tor-svn.freehaven.net/anonbib/cache/clonewars.pdf

Camenisch, Jan, Susan Hohenberger, and Anna Lysyanskaya.
  "Balancing accountability and privacy using e-cash."
  Security and Cryptography for Networks.
  Springer Berlin Heidelberg, 2006. 141-155.
  http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.121.1990&rep=rep1&type=pdf

Doshi, Nishant, and Devesh Jinwala.
  "Constant Ciphertext Length in CP-ABE."
  IACR Cryptology ePrint Archive 2012 (2012): 500.
  http://eprint.iacr.org/2012/500.pdf

- -- 
 ♥Ⓐ isis agora lovecruft
_________________________________________________________
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
-----BEGIN PGP SIGNATURE-----

iQMhBAEBCgELBQJTZ63dBYMB4TOAVhSAAAAAACUAKGlzaXMrc2lnbnN1YmtleUBw
YXR0ZXJuc2ludGhldm9pZC5uZXRGQzYzQUE1Q0QxOTM4NjlDMzIzNzE0NUE1QzE3
Nzc2RTI3RjdFODRESxSAAAAAABoAKGlzaXNAcGF0dGVybnNpbnRoZXZvaWQubmV0
MEE2QTU4QTE0QjU5NDZBQkRFMThFMjA3QTNBREI2N0EyQ0RCOEIzNS4aaHR0cHM6
Ly9ibG9nLnBhdHRlcm5zaW50aGV2b2lkLm5ldC9wb2xpY3kudHh0LJhodHRwczov
L2Jsb2cucGF0dGVybnNpbnRoZXZvaWQubmV0L2lzaXMudHh0AAoJEFwXd24n9+hN
CgsP/2gjDK6wj/1j1iiGF9zrpj5iXjEBTCnh/3DwvpGMLt0XvHywIjqdMeJpvGyk
bDdaItxZNGhLV2EQfHiT3Y1VUBQsk6gGbXChqMd0kqTCD9uhZhs5v2PtN595Tmxw
9j3K9W0VkLPh4oEorcKZ5QNcidAnY0JRiCP6ALBEgDNfrnJvbBpQI02llG9VcJhg
Te1WeHarc5DjnYSzp6ajVeHKbxYU7E1QEOt3llMxYahIa94kwe+ThOOts5m/e7rS
gQeGzVE+c8HYhfqbqYGjrVFNTYpLlSfXgnh8F9WV9CSl4Ek6/nIU9Xdf9wXAMJfp
tENm2udrGBROO32wECx0vvtiVAM206bqd4QdVW2T47gbYE84T/0WGbSSJfAGkjSG
QMXUh3iRboJspU2FwgoX3rGo07rYyTJTIkD3+6V/PjDwFrC107qV2rfNRf5OuHoL
jrWVBPvSI129V8LI9kOKO+r9l1iMU4tIwdHU+1Fm4bBRZE7urgVqeM/uwldyst1d
TTbUBSji69Q+J6Xk9MgWaCNX2LCuBKPPsfxjAqyN9xBUnPTc/e8EAEmueUQUXOx3
PVBBKoEJmZ5XiVXf28Sz9MYjSkjvVUUKg1L8yWXPNS/j3rQCL/NsH4/rjzh9g02E
u8fKoeMphhDjFpbghoE3P4692uxxHgdAK65bOvb4GyxJK5ln
=jO/G
-----END PGP SIGNATURE-----

More information about the tor-reports mailing list