4 files changed, 37 insertions, 9 deletions
diff --git a/TODO b/TODO
index 28ee22259..e9a52069e 100644
--- a/TODO
+++ b/TODO
@@ -1,12 +1,40 @@
 PHASE #1: (Goal: settle key design questions)
+core:
+- test fails with fresh /tmp directory (but passes when run a second time)
+  problem seems to be caused by HELLO validation (unvalidated 
+  HELLO not used to connect for good, then somehow SETKEY never happens);
+  * double-check crypto involved in HELLO validation (PONG signature check; 
+    what about MiM?  Might be trivial right now; adding source IP-address
+    to PONG signature might help?  How would we validate that (given that
+    we may be learning our source IP address(es) the same way...))
+    + if we add address to transport-level PONG, we may be able to simplify
+      WELCOME messages (no need to add addresses there anymore, right?);
+    + we probably want some kind of voting/counting for learning IP addresses
+      (maybe including IP addresses in ads proportional to how often others
+       report them? we at least need some protection against >64k HELLOs!),
+    + provide a way to give the user a list of "learned" IP addresses and
+      a way to easily "veto" addresses off the list!
+      => If MiM attacker uses vetoed address, blacklist the specific IP for
+         the presumed neighbour!
+ * Use special, non-WELCOMEing TCP-connection for HELLO/address validation;
+    that way, we can avoid confusion between a dozen parallel validating connections
+    and the real one, avoid queueing messages on validating connections and
+    shut those down immediately after sending/receiving the PONG
+    (and maybe avoid some signalling about connections to the other layers)
+  * core notifies clients about "encrypted" connections being up well before
+    we get the encrypted PONG; sometimes this may be OK (for topology killing
+    unwanted connnections), but of course not in general.  I suspect we want
+    to signal on PONG and have topology hook directly into transport to
+    kill plaintext connections before they have a chance to become encrypted
+    (may require minor hack in transport API)
 Util:
-* improve disk API [Nils]
+* improve disk API [Nils] (Nils, is this done? -Christian)
 * Windows: use events instead of pipes to signal select()s [Nils]
-* only connect() sockets that are ready (select())
+* only connect() sockets that are ready (select()) [Nils]
-  [Nils: I'm not sure what you mean by this; fresh sockets are always
+  [On W32, we need to select after calling socket before
-   ready for connect(), just 'write' after connect needs select AFAIK;
+   doing connect etc.]
-   please clarify. --Christian]
 TESTCASES WANTED:
 For these functions, it would be nice if we had testcases ("make check")
diff --git a/src/core/test_core_api.c b/src/core/test_core_api.c
index 53e031306..223b52eb9 100644
--- a/src/core/test_core_api.c
+++ b/src/core/test_core_api.c
@@ -18,7 +18,7 @@
     Boston, MA 02111-1307, USA.
 */
 /**
- * @file transport/test_core_api.c
+ * @file core/test_core_api.c
 * @brief testcase for core_api.c
 *
 * FIXME:
@@ -34,7 +34,7 @@
 #include "gnunet_scheduler_lib.h"
 #include "gnunet_transport_service.h"
-#define VERBOSE GNUNET_NO
+#define VERBOSE GNUNET_YES
 #define START_ARM GNUNET_YES
diff --git a/src/core/test_core_api_peer1.conf b/src/core/test_core_api_peer1.conf
index 0cea16038..1904137c0 100644
--- a/src/core/test_core_api_peer1.conf
+++ b/src/core/test_core_api_peer1.conf
@@ -12,7 +12,7 @@ PLUGINS = tcp
 #PREFIX = xterm -T transport1 -e
 #PREFIX = xterm -T transport1 -e gdb -x cmd --args
 #PREFIX = xterm -T transport1 -e valgrind --tool=memcheck
-#DEBUG = YES
+DEBUG = YES
 [arm]
 PORT = 12466
diff --git a/src/core/test_core_api_peer2.conf b/src/core/test_core_api_peer2.conf
index 6e311e1e1..433bcf766 100644
--- a/src/core/test_core_api_peer2.conf
+++ b/src/core/test_core_api_peer2.conf
@@ -11,7 +11,7 @@ PORT = 22465
 PLUGINS = tcp
 #PREFIX = xterm -T transport2 -e
 #PREFIX = xterm -T transport2 -e valgrind --tool=memcheck
-#DEBUG = YES
+DEBUG = YES
 [arm]
 PORT = 22466