diff options
author | Christian Grothoff <christian@grothoff.org> | 2009-07-12 15:34:45 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2009-07-12 15:34:45 +0000 |
commit | 3b8fb06caa5e1e7ee123cc99c6b3e9ba38771598 (patch) | |
tree | 3a83cbf30c124e6957991137e86a7840634233d9 /TODO | |
parent | 868126cd639e63cd6f4db19a19e49778fc67e0ad (diff) | |
download | gnunet-3b8fb06caa5e1e7ee123cc99c6b3e9ba38771598.tar.gz gnunet-3b8fb06caa5e1e7ee123cc99c6b3e9ba38771598.zip |
docprog
Diffstat (limited to 'TODO')
-rw-r--r-- | TODO | 43 |
1 files changed, 19 insertions, 24 deletions
@@ -4,30 +4,9 @@ core: | |||
4 | - test fails with fresh /tmp directory (but passes when run a second time) | 4 | - test fails with fresh /tmp directory (but passes when run a second time) |
5 | problem seems to be caused by HELLO validation (unvalidated | 5 | problem seems to be caused by HELLO validation (unvalidated |
6 | HELLO not used to connect for good, then somehow SETKEY never happens); | 6 | HELLO not used to connect for good, then somehow SETKEY never happens); |
7 | * double-check crypto involved in HELLO validation (PONG signature check; | 7 | I suspect the code simply drops messages that happen while no validated |
8 | what about MiM? Might be trivial right now; adding source IP-address | 8 | HELLO is available; this maybe OK, but I need to find the spot and |
9 | to PONG signature might help? How would we validate that (given that | 9 | add at least an INFO-log message; also should then fix testcase to retry. |
10 | we may be learning our source IP address(es) the same way...)) | ||
11 | + if we add address to transport-level PONG, we may be able to simplify | ||
12 | WELCOME messages (no need to add addresses there anymore, right?); | ||
13 | + we probably want some kind of voting/counting for learning IP addresses | ||
14 | (maybe including IP addresses in ads proportional to how often others | ||
15 | report them? we at least need some protection against >64k HELLOs!), | ||
16 | + provide a way to give the user a list of "learned" IP addresses and | ||
17 | a way to easily "veto" addresses off the list! | ||
18 | => If MiM attacker uses vetoed address, blacklist the specific IP for | ||
19 | the presumed neighbour! | ||
20 | * Use special, non-WELCOMEing TCP-connection for HELLO/address validation; | ||
21 | that way, we can avoid confusion between a dozen parallel validating connections | ||
22 | and the real one, avoid queueing messages on validating connections and | ||
23 | shut those down immediately after sending/receiving the PONG | ||
24 | (and maybe avoid some signalling about connections to the other layers) | ||
25 | * core notifies clients about "encrypted" connections being up well before | ||
26 | we get the encrypted PONG; sometimes this may be OK (for topology killing | ||
27 | unwanted connnections), but of course not in general. I suspect we want | ||
28 | to signal on PONG and have topology hook directly into transport to | ||
29 | kill plaintext connections before they have a chance to become encrypted | ||
30 | (may require minor hack in transport API) | ||
31 | 10 | ||
32 | Util: | 11 | Util: |
33 | * improve disk API [Nils] (Nils, is this done? -Christian) | 12 | * improve disk API [Nils] (Nils, is this done? -Christian) |
@@ -153,6 +132,15 @@ Minor TODO items: | |||
153 | should possibly try to confirm that the given address works for | 132 | should possibly try to confirm that the given address works for |
154 | us ourselves (loopback-style) before adding it to the list | 133 | us ourselves (loopback-style) before adding it to the list |
155 | [SECURITY issue] | 134 | [SECURITY issue] |
135 | + we may be able to simplify WELCOME messages (no need to add | ||
136 | addresses there anymore, but may help to learn them there anyway...). | ||
137 | + we probably want some kind of voting/counting for learning IP addresses | ||
138 | (maybe including IP addresses in ads proportional to how often others | ||
139 | report them? we at least need some protection against >64k HELLOs!), | ||
140 | + provide a way to give the user a list of "learned" IP addresses and | ||
141 | a way to easily "veto" addresses off the list! | ||
142 | => If MiM attacker uses vetoed address, blacklist the specific IP for | ||
143 | the presumed neighbour! | ||
156 | - not sure current way of doing ACKs works well-enough | 144 | - not sure current way of doing ACKs works well-enough |
157 | with unreliable transports where the ACK maybe lost; | 145 | with unreliable transports where the ACK maybe lost; |
158 | the "is_new" check would then possibly prevent future | 146 | the "is_new" check would then possibly prevent future |
@@ -179,6 +167,13 @@ Minor TODO items: | |||
179 | - have way to specify dependencies between services (to manage ARM restarts better) | 167 | - have way to specify dependencies between services (to manage ARM restarts better) |
180 | - client-API is inefficient since it opens a TCP connection per service that is started | 168 | - client-API is inefficient since it opens a TCP connection per service that is started |
181 | (instead of re-using connections). | 169 | (instead of re-using connections). |
170 | * CORE: | ||
171 | - code currently notifies clients about "encrypted" connections being up well before | ||
172 | we get the encrypted PONG; sometimes this may be OK (for topology killing | ||
173 | unwanted connnections), but of course not in general. I suspect we want | ||
174 | to signal on PONG and have topology hook directly into transport to | ||
175 | kill plaintext connections before they have a chance to become encrypted | ||
176 | (may require minor hack in transport API) | ||
182 | * PEERINFO: | 177 | * PEERINFO: |
183 | - have gnunet-peerinfo print actual host addresses again | 178 | - have gnunet-peerinfo print actual host addresses again |
184 | - add option to gnunet-peerinfo to modify trust value | 179 | - add option to gnunet-peerinfo to modify trust value |