# Activities of July 2014

- Continued work on guard security:
  Made some progress on #12595, designing a better interface and data structures for entry guards. That is, some system that will ensure that entry guard order is always respected and no entry guard skips (like #12466 and #12450) can happen. Nick suggested formalizing the wanted interface a bit, and specifying inputs/outputs and the various events that can happen.

  Helped Roger with #12690 and #12688 which are now merged and initiate the deployment of proposal 236. Specifically, they add a consensus parameter that makes the number of guards configurable [0], and also increase the bandwidth requirement for being a guard from 250KB/s to 2MB/s [1]. Roger released tor-0.2.5.6-alpha with those patches and authorities will need to upgrade to it.

  I also started a [tor-dev] thread [2] on guard discovery attacks and possible ways of patching them. Specifically, we considered making the middle nodes a bit more static, but the idea was quickly shot down by Ian [3]. More research needs to happen in this area because it's a threatening problem.

- During the Tor meeting in Paris, and with the help of Yawning and Ximin, we sketched an initial PT roadmap. We tried to peek into the following months and write down our short-term and medium-term plans. You can find it in the wiki [4]. The roadmap is not entirely done yet, and will likely be revised in the upcoming weeks.

  I also sent an email to [tor-dev] [5] asking what little-t-tor PT features we should consider in the roadmap. Got some useful feedback from David and Kevin that needs to be considered.

- Did some obfsproxy maintenance. I merged Philipp's remaining scramblesuit patches (#11271). I tried to fix #12381 but that revealed a bigger problem with pywin32 and py2exe that makes obfsproxy/FTE with proxy support unbuildable for Windows. Georg was looking into it. I tagged a new obfsproxy release.

- The new PT spec got merged to torspec.git [6]! Feel free to submit patches and improvements.
- Discussed the bridge reachability problem with the OONI team. We all agreed that bridge reachability is a very important topic where OONI could be used, and the OONI team has been looking into it [7]. The OONI team has also scheduled weekly meetings in IRC.

  The project is aiming to be a system that can evaluate whether Tor (and specific PTs) are blocked from various jurisdictions all around the world. Ideally, the data should be exposed to Tor devs (so that we learn which PTs and bridge distribution methods have been busted), to Tor users through BridgeDB (so that they are only given bridges that will work for them) and also to the general curious public (who are interested in whether Tor works from a specific area). The relevant trac ticket is #12544.

# Activities for August 2014

- More work on the guard stuff. The next pieces of proposal 236 are #12598, increasing the lifetime period of guards (it's currently 3 months) [8], and #9321, fixing the guard usage decline problem [9].

  On #12598, we are still a bit unsure whether 9 months is the best choice to increase guard lifetime to, as it was originally suggested by proposal 236. We will have to see how much the security improves by increasing the guard lifetime to fewer months (5 or 6), because these might be better choices than 9 months. We also need to understand how we change security by only switching to one guard, without changing the guard lifetime period at all.

  On #9321, I started working on the python script that crunches consensus documents to output how old each guard is. This will help us load balance traffic better, since young guards don't get much traffic on their own. I started a [tor-dev] thread [10] to discuss some initial findings and during August I will integrate the python script with Tor. I will soon publish the source code of the script in case someone is in the mood for review.
  Another project that needs to happen to increase guard security is #1258, which will make all relays also be directory servers. This is essential so that all entry guards can eventually also become directory guards. Matt posted a draft proposal to [tor-dev] [11] that will need to be reviewed and eventually implemented. I will try to help with this project.

- Revisit the rough PT roadmap with Yawning and identify missing items that we should do. Also, read the relevant [tor-dev] thread [12] to collect more ideas.

- Help Marc Juarez with the problems he has been facing with obfsproxy and wfpadtools [13].

- Work on the bridge reachability problem with the OONI team. We were also discussing a potential code sprint in Europe during Q3 2014, to accelerate the project more.

- The Pluggable Transports-part of the website needs to be improved. The installation instructions need to be improved too, and they need to mention more PTs (like FTE). I need to do this, or find someone who is interested in doing it :)

Have a good day!
[0]: https://gitweb.torproject.org/torspec.git/blob/2180422f4a1fd51ea25fa3822c830581f7a56c43:/proposals/236-single-guard-node.txt#l24
[1]: https://gitweb.torproject.org/torspec.git/blob/2180422f4a1fd51ea25fa3822c830581f7a56c43:/proposals/236-single-guard-node.txt#l145
[2]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007122.html
[3]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007123.html
[4]: https://trac.torproject.org/projects/tor/wiki/org/meetings/2014SummerDevMeeting/Roadmaps#PT
[5]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007128.html
[6]: https://gitweb.torproject.org/torspec.git/blob/HEAD:/pt-spec.txt
[7]: https://lists.torproject.org/pipermail/ooni-talk/2014-July/000003.html
[8]: https://gitweb.torproject.org/torspec.git/blob/2180422f4a1fd51ea25fa3822c830581f7a56c43:/proposals/236-single-guard-node.txt#l69
[9]: https://gitweb.torproject.org/torspec.git/blob/2180422f4a1fd51ea25fa3822c830581f7a56c43:/proposals/236-single-guard-node.txt#l101
[10]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007269.html
[11]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007247.html
[12]: https://lists.torproject.org/pipermail/tor-dev/2014-July/007128.html
[13]: https://lists.torproject.org/pipermail/tor-reports/2014-August/000606.html
