Hello people,
in the beginning of 2016 we started organizing little-t-tor proposal reading groups in IRC, where we would discuss the current status of Tor proposals and coordinate on how to move them forward. You can see a list of previous such meetings here: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/MeetingS...
Unfortunately at some point, 2016 started showing its true self, and we kind of stopped doing those meetings in March. But they were useful, and we should probably start doing them again!
I went through the mailing list and found a few interesting subjects that could benefit from group discussion. Here are some ideas:
- Post-Quantum key exchanges for Tor
There are a few proposals falling under this topic that were developed in the past months. Here are a few: https://gitweb.torproject.org/torspec.git/tree/proposals/263-ntru-for-pq-han... https://gitweb.torproject.org/torspec.git/tree/proposals/269-hybrid-handshak... https://gitweb.torproject.org/torspec.git/tree/proposals/270-newhope-hybrid-... https://lists.torproject.org/pipermail/tor-dev/2016-October/011553.html
I'm far from an expert on this field, so I'm not sure about the current status of this project and the right direction to approach it. However, it seems that there have been enough developments here lately that a group discussion might be useful.
- A name system API for Tor
This is a proposal suggesting a single API that allows us to integrate secure name systems with Tor hidden services: https://lists.torproject.org/pipermail/tor-dev/2016-October/011514.html
The proposal received useful feedback in and out of the mailing list. It seems that implementing the proposal as part of a Tor controller might be an easier way to test it. Some discussion on future directions might be helpful here, as this is something that will be needed sooner than later.
- New topics in Next Gen Hidden Services
We've done multiple IRC meetings on prop224, but it keeps on growing as it's being developed. Here are a few topics that might be worth discussing as a group: - Control port API for hidden services (https://trac.torproject.org/projects/tor/ticket/20699) - torrc UX for hidden services (https://lists.torproject.org/pipermail/tor-dev/2016-November/011661.html) - torrc/control UX for hidden service client auth (https://lists.torproject.org/pipermail/tor-dev/2016-November/011617.html) - UX for offline keys (https://trac.torproject.org/projects/tor/ticket/18098) - UX of hidden services on Tor Browser
- Prop271: Another algorithm for guard selection
We've also done a few IRC meetings on future guard algorithms, but we are now closer to completing that project than ever. After we have a few results and statistics of the new guard algorithm, it might be worth scheduling a meeting to discuss how well it works and ways to improve it.
- And here are some more misc projects that might be worth discussing further: - The Tor browser sandbox that Yawning is developing and UX implications? - prop273: Exit relay pinning for web services ?
Please let me know if you are excited talking about any of these topics (feel free to +1 in private email if you feel it's too spammy), or if there are any topics I forgot to mention.
If we get enough participation we can schedule the first such meeting for December.
Thanks!
On 30 Nov. 2016, at 05:04, George Kadianakis desnacked@riseup.net wrote:
Hello people,
in the beginning of 2016 we started organizing little-t-tor proposal reading groups in IRC, where we would discuss the current status of Tor proposals and coordinate on how to move them forward. You can see a list of previous such meetings here: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/MeetingS...
Unfortunately at some point, 2016 started showing its true self, and we kind of stopped doing those meetings in March. But they were useful, and we should probably start doing them again!
I went through the mailing list and found a few interesting subjects that could benefit from group discussion. Here are some ideas:
- Post-Quantum key exchanges for Tor
There are a few proposals falling under this topic that were developed in the past months. Here are a few: https://gitweb.torproject.org/torspec.git/tree/proposals/263-ntru-for-pq-han... https://gitweb.torproject.org/torspec.git/tree/proposals/269-hybrid-handshak... https://gitweb.torproject.org/torspec.git/tree/proposals/270-newhope-hybrid-... https://lists.torproject.org/pipermail/tor-dev/2016-October/011553.html
I'm far from an expert on this field, so I'm not sure about the current status of this project and the right direction to approach it. However, it seems that there have been enough developments here lately that a group discussion might be useful.
- A name system API for Tor
This is a proposal suggesting a single API that allows us to integrate secure name systems with Tor hidden services: https://lists.torproject.org/pipermail/tor-dev/2016-October/011514.html
The proposal received useful feedback in and out of the mailing list. It seems that implementing the proposal as part of a Tor controller might be an easier way to test it. Some discussion on future directions might be helpful here, as this is something that will be needed sooner than later.
- New topics in Next Gen Hidden Services
We've done multiple IRC meetings on prop224, but it keeps on growing as it's being developed. Here are a few topics that might be worth discussing as a group:
Control port API for hidden services (https://trac.torproject.org/projects/tor/ticket/20699)
torrc UX for hidden services (https://lists.torproject.org/pipermail/tor-dev/2016-November/011661.html)
torrc/control UX for hidden service client auth (https://lists.torproject.org/pipermail/tor-dev/2016-November/011617.html)
UX for offline keys (https://trac.torproject.org/projects/tor/ticket/18098)
UX of hidden services on Tor Browser
Prop271: Another algorithm for guard selection
We've also done a few IRC meetings on future guard algorithms, but we are now closer to completing that project than ever. After we have a few results and statistics of the new guard algorithm, it might be worth scheduling a meeting to discuss how well it works and ways to improve it.
- And here are some more misc projects that might be worth discussing further:
- The Tor browser sandbox that Yawning is developing and UX implications?
All of the above seem like a good idea.
- prop273: Exit relay pinning for web services ?
This got some negative feedback on the mailing list that I tend to agree with, the proposal should either be shelved, or heavily modified to address the client attacks it enables.
(I'm not sure it's possible to modify it to address the attacks.)
T
On 29 November 2016 at 13:55, teor teor2345@gmail.com wrote:
All of the above seem like a good idea.
- prop273: Exit relay pinning for web services ?
This got some negative feedback on the mailing list that I tend to agree with, the proposal should either be shelved, or heavily modified to address the client attacks it enables.
(I'm not sure it's possible to modify it to address the attacks.)
+1 to teor's comments =)
-tom
On Tue, Nov 29, 2016 at 1:04 PM, George Kadianakis desnacked@riseup.net wrote:
Thanks for picking this up again, George!
[...]
Post-Quantum key exchanges for Tor
There are a few proposals falling under this topic that were developed in the past months. Here are a few: https://gitweb.torproject.org/torspec.git/tree/proposals/263-ntru-for-pq-han... https://gitweb.torproject.org/torspec.git/tree/proposals/269-hybrid-handshak... https://gitweb.torproject.org/torspec.git/tree/proposals/270-newhope-hybrid-... https://lists.torproject.org/pipermail/tor-dev/2016-October/011553.html
I'm far from an expert on this field, so I'm not sure about the current status of this project and the right direction to approach it. However, it seems that there have been enough developments here lately that a group discussion might be useful.
Could be! I'd like to hear more here from our domain experts, since as far as I can tell, we have more to discuss here.
Also, (nearly?) all of these will need proposal 249 (for large create cells) or something like it.
A name system API for Tor
This is a proposal suggesting a single API that allows us to integrate secure name systems with Tor hidden services: https://lists.torproject.org/pipermail/tor-dev/2016-October/011514.html
The proposal received useful feedback in and out of the mailing list. It seems that implementing the proposal as part of a Tor controller might be an easier way to test it. Some discussion on future directions might be helpful here, as this is something that will be needed sooner than later.
+1.
New topics in Next Gen Hidden Services
We've done multiple IRC meetings on prop224, but it keeps on growing as it's being developed. Here are a few topics that might be worth discussing as a group:
- Control port API for hidden services (https://trac.torproject.org/projects/tor/ticket/20699)
- torrc UX for hidden services (https://lists.torproject.org/pipermail/tor-dev/2016-November/011661.html)
- torrc/control UX for hidden service client auth (https://lists.torproject.org/pipermail/tor-dev/2016-November/011617.html)
- UX for offline keys (https://trac.torproject.org/projects/tor/ticket/18098)
- UX of hidden services on Tor Browser
+1, but let's make sure we have at least a sketch proposal or list of questions for each thing as we discuss it?
Prop271: Another algorithm for guard selection
We've also done a few IRC meetings on future guard algorithms, but we are now closer to completing that project than ever. After we have a few results and statistics of the new guard algorithm, it might be worth scheduling a meeting to discuss how well it works and ways to improve it.
Also +1. It might be a good idea to schedule this after we have time to review the code we've got so far. (See #19877)
George Kadianakis:
Hello people,
in the beginning of 2016 we started organizing little-t-tor proposal reading groups in IRC, where we would discuss the current status of Tor proposals and coordinate on how to move them forward. You can see a list of previous such meetings here: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/MeetingS...
Unfortunately at some point, 2016 started showing its true self, and we kind of stopped doing those meetings in March. But they were useful, and we should probably start doing them again!
I went through the mailing list and found a few interesting subjects that could benefit from group discussion. Here are some ideas:
[snip]
A name system API for Tor
This is a proposal suggesting a single API that allows us to integrate secure name systems with Tor hidden services: https://lists.torproject.org/pipermail/tor-dev/2016-October/011514.html
The proposal received useful feedback in and out of the mailing list. It seems that implementing the proposal as part of a Tor controller might be an easier way to test it. Some discussion on future directions might be helpful here, as this is something that will be needed sooner than later.
I'd be happy to participate in a meeting on the name system API. It might also be useful to have someone present from the I2P community, to provide some perspective on interoperability between what Tor does and what I2P does. (Or for that matter any other system that might use a pluggable name system API with similar use cases to Tor and I2P.)
Cheers, -Jeremy
-
George Kadianakis -
Jeremy Rand -
Nick Mathewson -
teor -
Tom Ritter