diff options
| author | Christian Grothoff <christian@grothoff.org> | 2009-07-12 15:34:45 +0000 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2009-07-12 15:34:45 +0000 |
| commit | 3b8fb06caa5e1e7ee123cc99c6b3e9ba38771598 (patch) | |
| tree | 3a83cbf30c124e6957991137e86a7840634233d9 /TODO | |
| parent | 868126cd639e63cd6f4db19a19e49778fc67e0ad (diff) | |
| download | gnunet-3b8fb06caa5e1e7ee123cc99c6b3e9ba38771598.tar.gz gnunet-3b8fb06caa5e1e7ee123cc99c6b3e9ba38771598.zip | |
docprog
Diffstat (limited to 'TODO')
| -rw-r--r-- | TODO | 43 |
1 files changed, 19 insertions, 24 deletions
| @@ -4,30 +4,9 @@ core: | |||
| 4 | - test fails with fresh /tmp directory (but passes when run a second time) | 4 | - test fails with fresh /tmp directory (but passes when run a second time) |
| 5 | problem seems to be caused by HELLO validation (unvalidated | 5 | problem seems to be caused by HELLO validation (unvalidated |
| 6 | HELLO not used to connect for good, then somehow SETKEY never happens); | 6 | HELLO not used to connect for good, then somehow SETKEY never happens); |
| 7 | * double-check crypto involved in HELLO validation (PONG signature check; | 7 | I suspect the code simply drops messages that happen while no validated |
| 8 | what about MiM? Might be trivial right now; adding source IP-address | 8 | HELLO is available; this maybe OK, but I need to find the spot and |
| 9 | to PONG signature might help? How would we validate that (given that | 9 | add at least an INFO-log message; also should then fix testcase to retry. |
| 10 | we may be learning our source IP address(es) the same way...)) | ||
| 11 | + if we add address to transport-level PONG, we may be able to simplify | ||
| 12 | WELCOME messages (no need to add addresses there anymore, right?); | ||
| 13 | + we probably want some kind of voting/counting for learning IP addresses | ||
| 14 | (maybe including IP addresses in ads proportional to how often others | ||
| 15 | report them? we at least need some protection against >64k HELLOs!), | ||
| 16 | + provide a way to give the user a list of "learned" IP addresses and | ||
| 17 | a way to easily "veto" addresses off the list! | ||
| 18 | => If MiM attacker uses vetoed address, blacklist the specific IP for | ||
| 19 | the presumed neighbour! | ||
| 20 | * Use special, non-WELCOMEing TCP-connection for HELLO/address validation; | ||
| 21 | that way, we can avoid confusion between a dozen parallel validating connections | ||
| 22 | and the real one, avoid queueing messages on validating connections and | ||
| 23 | shut those down immediately after sending/receiving the PONG | ||
| 24 | (and maybe avoid some signalling about connections to the other layers) | ||
| 25 | * core notifies clients about "encrypted" connections being up well before | ||
| 26 | we get the encrypted PONG; sometimes this may be OK (for topology killing | ||
| 27 | unwanted connnections), but of course not in general. I suspect we want | ||
| 28 | to signal on PONG and have topology hook directly into transport to | ||
| 29 | kill plaintext connections before they have a chance to become encrypted | ||
| 30 | (may require minor hack in transport API) | ||
| 31 | 10 | ||
| 32 | Util: | 11 | Util: |
| 33 | * improve disk API [Nils] (Nils, is this done? -Christian) | 12 | * improve disk API [Nils] (Nils, is this done? -Christian) |
| @@ -153,6 +132,15 @@ Minor TODO items: | |||
| 153 | should possibly try to confirm that the given address works for | 132 | should possibly try to confirm that the given address works for |
| 154 | us ourselves (loopback-style) before adding it to the list | 133 | us ourselves (loopback-style) before adding it to the list |
| 155 | [SECURITY issue] | 134 | [SECURITY issue] |
| 135 | + we may be able to simplify WELCOME messages (no need to add | ||
| 136 | addresses there anymore, but may help to learn them there anyway...). | ||
| 137 | + we probably want some kind of voting/counting for learning IP addresses | ||
| 138 | (maybe including IP addresses in ads proportional to how often others | ||
| 139 | report them? we at least need some protection against >64k HELLOs!), | ||
| 140 | + provide a way to give the user a list of "learned" IP addresses and | ||
| 141 | a way to easily "veto" addresses off the list! | ||
| 142 | => If MiM attacker uses vetoed address, blacklist the specific IP for | ||
| 143 | the presumed neighbour! | ||
| 156 | - not sure current way of doing ACKs works well-enough | 144 | - not sure current way of doing ACKs works well-enough |
| 157 | with unreliable transports where the ACK maybe lost; | 145 | with unreliable transports where the ACK maybe lost; |
| 158 | the "is_new" check would then possibly prevent future | 146 | the "is_new" check would then possibly prevent future |
| @@ -179,6 +167,13 @@ Minor TODO items: | |||
| 179 | - have way to specify dependencies between services (to manage ARM restarts better) | 167 | - have way to specify dependencies between services (to manage ARM restarts better) |
| 180 | - client-API is inefficient since it opens a TCP connection per service that is started | 168 | - client-API is inefficient since it opens a TCP connection per service that is started |
| 181 | (instead of re-using connections). | 169 | (instead of re-using connections). |
| 170 | * CORE: | ||
| 171 | - code currently notifies clients about "encrypted" connections being up well before | ||
| 172 | we get the encrypted PONG; sometimes this may be OK (for topology killing | ||
| 173 | unwanted connnections), but of course not in general. I suspect we want | ||
| 174 | to signal on PONG and have topology hook directly into transport to | ||
| 175 | kill plaintext connections before they have a chance to become encrypted | ||
| 176 | (may require minor hack in transport API) | ||
| 182 | * PEERINFO: | 177 | * PEERINFO: |
| 183 | - have gnunet-peerinfo print actual host addresses again | 178 | - have gnunet-peerinfo print actual host addresses again |
| 184 | - add option to gnunet-peerinfo to modify trust value | 179 | - add option to gnunet-peerinfo to modify trust value |