Diffstat (limited to 'doc/TODO.external')
-rw-r--r-- doc/TODO.external 110
1 files changed, 110 insertions, 0 deletions
diff --git a/doc/TODO.external b/doc/TODO.external
index 4382403c4..c801a8ab4 100644
--- a/doc/TODO.external
+++ b/doc/TODO.external
@@ -70,3 +70,113 @@ S - Continue analyzing "traces" left on host machine by use of
I d Get a relay operator mailing list going, with a plan and supporting
scripts and so on.
+For mid August:
+
+Section 0, items that didn't make it into the original roadmap:
+
+0.1, installers and packaging
+C - i18n for the msi bundle files
+P - more consistent TBB builds
+IC- get a buildbot up again. Have Linux and BSD build machines.
+ (Windows would be nice but realistically will come later.)
+E - Get Tor to work properly on the iPhone.
+
+3.1.1, performance work.
+
+XXX
+
+4.1, IOCP / libevent / windows / tor
+N - get it working for nick
+N - put out a release so other people can start testing it.
+N - both the libevent buffer abstraction, and the
+ tor-uses-libevent-buffer-abstraction. Unless we think that's
+ unreachable for this milestone?
+
+4.2.1, risks from becoming a relay
+S - Have a clear plan for how users who become relays will be safe,
+ and be confident that we can build this plan.
+ - evaluate all the various attacks that are made possible by relaying.
+ specifically, see "relaying-traffic attacks" in 6.6.
+ - identify and evaluate ways to make them not a big deal
+ - setting a low RelayBandwidth
+ - Nick Hopper's FC08 paper suggesting that we should do a modified
+ round-robin so we leak less about other circuits
+ - instructing clients to disable pings in their firewall, etc
+ - pick the promising ones, improve them so they're even better, and
+ spec them out so we know how to build them and how much effort is
+ involved in building them.
+
+4.5, clients download less directory info
+N - deploy proposal 158.
+N - decide whether to do proposal 140. if so, construct an implementation
+ plan for how we'll do it. if not, explain why not.
+
+5.1, Normalize TLS fingerprint
+N - write a draft list of possible attacks for this section, with
+ estimates about difficulty of attack, difficulty of solution, etc
+N - revisit the list and revise our plans as needed
+NR- put up a blog post about the two contradictory conclusions: we can
+ discuss the theory of arms races, and our quandry, without revealing
+ any specific vulnerabilities. (or decide not to put up a blog post,
+ and explain why not.)
+
+5.5, email autoresponder
+I - maintenance and keeping it running
+
+5.7.2, metrics
+
+XXX.
+
+6.2, Vidalia work
+E - add breakpad support or similar for windows debugging
+E - let vidalia change languages without needing a restart
+E - Implement the status warning event interface started for the
+ phase one deliverables.
+E - Work with Steve Tyree on building a Vidalia plugin API to enable
+ building Herdict and TBB plugins.
+
+6.3, Node scanning
+M - Steps toward automation
+ - Set up email list for results
+ - Map failure types to potential BadExit lines
+M - Improve the ability of SoaT to mimic various real web browsers
+ - randomizing user agents and locale strings
+ - caching, XMLHTTPRequest, form posting, content sniffing
+ - Investigate ideas like running Chrome/xulrunner in parallel
+M - Other protocols
+ - SSH, IMAPS, POPS, SMTPS
+M - Add ability to geolocalize exit selection based on scanner location
+ - Use this to rescan dynamic urls filtered by the URL filter
+
+6.4, Torbutton development
+M - Resolve extension conflicts and other high priority bugs
+M - Fix or hack around ugly firefox bugs, especially Timezone issue.
+ Definitely leaning towards "hack around" unless we see some
+ level of love from Mozilla.
+M - Vidalia New Nym Integration
+ - Implement for Torbutton to pick up on Vidalia's NEWNYM and clear
+ cookies based on FoeBud's source
+ - Do this in such a way that we could adapt polipo to purge cache
+ if we were so inclined
+M - Write up a summary of our options for dealing with the google
+ you-must-solve-a-captcha-to-search problem, and pick one as our
+ favorite option.
+
+6.6, Evaluate new anonymity attacks
+S - relaying-traffic attacks
+ - original murdoch-danezis attack
+ - nick hopper's latency measurement attack
+ - columbia bandwidth measurement attack
+ - christian grothoff's long-circuit attack
+S - client attacks
+ - website fingerprinting
+
+7.1, Tor VM Research, analysis, and prototyping
+C - Get a working package out, meaning other people are testing it.
+
+7.2, Tor Browser Bundle
+I - Port to one of OS X or Linux, and start the port to the other.
+I - Make it the recommended Tor download on Windows
+I - Make sure it's easy to un-brand TBB in case Firefox asks us to
+I - Evaluate CCC's Freedom Stick
+
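Review bot: Sections 3.1.1 (performance work) and 5.7.2 (metrics) are committed with only "XXX" / "XXX." as their body, so for a "mid August" milestone they carry no deliverable and no owner letter. Either list at least one owned item under each, or replace the placeholder with a line saying who will fill the section in and by when. In 4.1, the third N item ("both the libevent buffer abstraction, and the tor-uses-libevent-buffer-abstraction") has no verb and ends in an open question about whether it is reachable for this milestone. State the action (finish, release, test) and settle the question or move the item out of the milestone. In 4.2.1, the three candidate mitigations (low RelayBandwidth, modified round-robin, disabling pings) have no owner of their own and no stated criterion for "pick the promising ones". Since 6.6 assigns the matching attack list to S, it would help to say here that the evaluation output of 6.6 is the input for that choice. Minor: "quandry" in 5.1 should be "quandary", and the two-letter owner codes "IC-" and "NR-" are not explained anywhere in the visible lines.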