Re: [tor-dev] Moving key material out of the main tor process

2020-06-03 Thread Linus Nordberg
Nick Mathewson wrote Tue, 2 Jun 2020 11:51:07 -0400: > One issue with the ssh-agent protocol as I see it is that it isn't > originally designed for decryption or for high-volume usage. If we > want to support those in the future, we'll need to make sure that we > have an extension path for them

Re: [tor-dev] Moving key material out of the main tor process

2020-06-02 Thread Linus Nordberg
David Goulet wrote Fri, 29 May 2020 09:41:51 -0400: >> ## The idea of a vault component >> >> ahf and others in the network team have been discussing the >> possibility of a "vault" component in tor, for moving private keys out >> of the tor process. Separating secret key material from the code

[tor-dev] Moving key material out of the main tor process

2020-05-20 Thread Linus Nordberg
Hi, tl;dr How to move key material out of tor? ## The idea of a vault component ahf and others in the network team have been discussing the possibility of a "vault" component in tor, for moving private keys out of the tor process. Separating secret key material from the code handling data from t

Re: [tor-dev] Hogging of second_elapsed_callback()

2018-04-14 Thread Linus Nordberg
teor wrote Sun, 15 Apr 2018 08:48:01 +1000: > Connections and circuits might timeout over that 6.5 seconds. OK, good to know. > Can you shift the signing to its own thread? > Or make it asynchronous? > > Tor has cpuworkers, which could be used to do signing work. Some non-blockingness would b

[tor-dev] Hogging of second_elapsed_callback()

2018-04-14 Thread Linus Nordberg
Hi, How long time can we spend signing status documents before tor gets sad? I ask because I'm planning on putting dirauth signing keys on a sloow HSM and would like to understand if I'd have to make format_networkstatus_vote() and networkstatus_compute_consensus() (and their callers) be "res

Re: [tor-dev] [prop-meeting] [prop#239] "Consensus Chain Hashing"

2018-02-09 Thread Linus Nordberg
isis agora lovecruft wrote Fri, 9 Feb 2018 00:08:19 +: > Hi! > > The notes from this meeting are online. [0] Thanks to everyone who attended! > > We've decided to have the prop#267 [1] meeting next, then (potentially, > depending on > the takeaway from the prop#267 meeting) revise prop#239

Re: [tor-dev] Not enabling IPv6 on check.torproject.org?

2016-08-18 Thread Linus Nordberg
Frederic Jacobs wrote Wed, 17 Aug 2016 23:17:28 -0700: > That’s a scary warning to get in Tor browser. Any reason > chiwui.torproject.org has an IPv6 > address? Can it be disabled to avoid having people (unnecessarily) > freaking out over this warning? > > Thoughts

[tor-dev] What does TorBulkExitList.py return?

2016-03-20 Thread Linus Nordberg
Hi, I'm trying to figure out why a list from [TorBulkExitList.py] is so much larger than what is seen in [exit-addresses]. Point in case: Earlier today the list from TorBulkExitList.py contained 58% more addresses than exit-addresses: --8<---cut here---start->

[tor-dev] Notes from the prop267 meeting 2016-03-17

2016-03-19 Thread Linus Nordberg
Hi, Here's a summary of what happened in the prop267 meeting in #tor-dev yesterday with Nick, Tom, Sebastian and myself. Sebastian started by summarising the proposal nicely. Topics discussed: - for bootstrap reasons we can't mandate using tor for all communication - SCT's or not: using SCT's in

Re: [tor-dev] Scheduling next proposal discussion meetings

2016-03-14 Thread Linus Nordberg
Isabela wrote Fri, 11 Mar 2016 16:09:22 -0800: | * Proposal 267: Tor Consensus Transparency | **Thursday, March 17th 1600 UTC* | * Must-have attendees: ln5, leif | * Conflicts: (If you are noting a conflict, please include a big bunch | of times when you COULD make it.) | * ln5: no can

[tor-dev] Tor consensus documents now in a public append-only verifiable log

2016-02-24 Thread Linus Nordberg
Hi, One of the directory authorities (maatuska) is submitting new consensus documents to a public append-only verifiable log, similar to what Certificate Transparency uses. If you think this is exciting and want to help out with this experiment, consider setting up a monitor and start looking fo

[tor-dev] Tor Consensus Transparency, take two

2016-02-24 Thread Linus Nordberg
e: Tor Consensus Transparency Author: Linus Nordberg Created: 2014-06-28 Status: Draft 0. Introduction This document describes how to provide and use public, append-only, verifiable logs containing Tor consensus and vote status documents, much like what Certificate Transparency [CT] does for TLS

Re: [tor-dev] Draft proposal: Tor Consensus Transparency

2014-07-22 Thread Linus Nordberg
Ximin Luo wrote Sun, 06 Jul 2014 17:06:56 +0100: | (Disclaimer, I don't know the details of how consensus documents | work. Some assumptions I made might be wrong.) | | In section 2 Motivation, you mention a partition attack. I think the | rest of the document neglects the topic of *actually pro

[tor-dev] Draft proposal: Tor Consensus Transparency

2014-07-04 Thread Linus Nordberg
iently and given valuable feedback. I welcome more feedback from the list. Thanks in advance. --8<---cut here---start->8--- Filename: xxx-tor-consensus-transparency.txt Title: Tor Consensus Transparency Author: Linus Nordberg Created: 2014-06-28 Status: Draft

Re: [tor-dev] I have a group at internet archive that are interested in buying a lot of OnionPi's

2014-07-02 Thread Linus Nordberg
Quoting Virgil Griffith : Roger et al, I'm interested in something like onion-pi to be a Tor relay. Is there something with enough CPU to be viable? I know nothing about this embedded scene. -V These are all PI:s https://atlas.torproject.org/#search/dfripi running the image from https://

Re: [tor-dev] Quickly testing TOR using Chutney and Fluxcapacitor

2013-09-08 Thread Linus Nordberg
Marek Majkowski wrote Sun, 8 Sep 2013 17:35:24 +0100: | In past I wrote this thing called fluxcapacitor [3], it's a tool that | speeds up tests. After a few fixes I was able to run chutney on it: | | $ time /tmp/fluxcapacitor/fluxcapacitor ./go.sh | | real 0m11.450s | user 0m2.340s | sys

[tor-dev] TBB check sums

2013-06-14 Thread Linus Nordberg
Hi, I've built TBB's using the new and shiny gitian thing. Thank you Mike Perry for putting lots of effort into this! I'm at commit f4869b0b (tor-browser-bundle.git). Check sums below. --8<---cut here---start->8--- user@host:~/usr/src/tor-browser-bundle/gitian$

Re: [tor-dev] Twisted-based Tor client performance measurement tool

2013-01-23 Thread Linus Nordberg
Linus Nordberg wrote Wed, 23 Jan 2013 09:47:37 +0100: | All testing on FreeBSD 8.3, Python 2.7.3, Twisted 12.1.0 fail with an | exception that doesn't make much sense to me: That's now been fixed in twisted-socks (thanks meejah) and perfd works as expected both directly and over Tor

Re: [tor-dev] Twisted-based Tor client performance measurement tool

2013-01-23 Thread Linus Nordberg
Karsten Loesing wrote Tue, 22 Jan 2013 22:08:39 +0100: | > | That's a lot, and to make things even more fun, there's a sponsor | > | deadline to have more realistic Torperf measurements by February 28. | > | > This is what stops me from going "Wooha! o/". | | Which part? ;) The deadline part.

Re: [tor-dev] Twisted-based Tor client performance measurement tool

2013-01-22 Thread Linus Nordberg
Karsten Loesing wrote Tue, 22 Jan 2013 21:56:47 +0100: | > | You'd need https://github.com/ln5/twisted-socks for a SOCKS client for | > | this (looks like V4 only?). There are some other ones floating around | > | out there, too, but nothing in core Twisted (as far as I | > | recall). Ah, like ht

Re: [tor-dev] Twisted-based Tor client performance measurement tool

2013-01-22 Thread Linus Nordberg
Karsten Loesing wrote Mon, 21 Jan 2013 21:06:38 +0100: | That's a lot, and to make things even more fun, there's a sponsor | deadline to have more realistic Torperf measurements by February 28. This is what stops me from going "Wooha! o/". I'd love to help out with this later -- not only is thi

Re: [tor-dev] Twisted-based Tor client performance measurement tool

2013-01-22 Thread Linus Nordberg
meejah wrote Tue, 22 Jan 2013 11:32:39 +0400: | You'd need https://github.com/ln5/twisted-socks for a SOCKS client for | this (looks like V4 only?). There are some other ones floating around | out there, too, but nothing in core Twisted (as far as I | recall). Ah, like https://twistedmatrix.com/t

[tor-dev] Linus' August 2012 status report

2012-09-01 Thread Linus Nordberg
Hi, What happened in August. Got most of #4564 working and parts of it merged to master, including - Directory authorities vote for IPv6 public relays (micro descriptors not yet merged) - Relays bind to and publish IPv6 addresses - Clients use IPv6 relays in consensus (not using micro descript

Re: [tor-dev] Parallel release series for directory authorities?

2012-08-31 Thread Linus Nordberg
Nick Mathewson wrote Fri, 31 Aug 2012 11:57:04 -0400: | Hi, all! | | Here's an idea I had for directory authorities and the 0.2.3 release series. | | "As you know Bob," Tor 0.2.3 will be stable very soon, and I'm hoping | not to take any more patches for it except for important security | issue

Re: [tor-dev] Tor on IPv6 roadmap and status page

2012-08-27 Thread Linus Nordberg
Andreas Krey wrote Sun, 26 Aug 2012 09:50:11 +0200: | On Thu, 16 Aug 2012 22:45:47 +, Linus Nordberg wrote: | ... | > The roadmaps/Tor/IPv6 [1] wiki page has been started with the goal of | > communicating the status of the work with Tor on IPv6. | | Hmm, is there any thought of al

Re: [tor-dev] Tor on IPv6 roadmap and status page

2012-08-19 Thread Linus Nordberg
Jeroen Massar wrote Fri, 17 Aug 2012 20:07:30 +0200: | > [1] https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Tor/IPv6 | > [2] https://trac.torproject.org/projects/tor/query?keywords=~ipv6 | | I do not see a 'how to help with testing' ticket/description yet. I've added a section on ho

[tor-dev] Tor on IPv6 roadmap and status page

2012-08-16 Thread Linus Nordberg
Hi, The roadmaps/Tor/IPv6 [1] wiki page has been started with the goal of communicating the status of the work with Tor on IPv6. Additionally, searching for Trac tickets with the keyword "ipv6" [2] might give a picture of what's going on. Asking here or highlighting ln5 on #tor-dev is of course

Re: [tor-dev] Clarification of prop 186

2012-07-17 Thread Linus Nordberg
Nick Mathewson wrote Tue, 17 Jul 2012 09:31:48 -0400: | Everything that describes how these documents are formatted describes | them as containing multiple "a" lines. Thus, anybody parsing a | consensus or microdescriptor MUST accept multiple "a" lines, even if | they ignore all but the first. |

[tor-dev] Clarification of prop 186

2012-07-16 Thread Linus Nordberg
Hi, Can votes and consensuses have more than one "a" line? Prop 186 says, on one hand [...] votes should include a single "a" line for every relay that has an IPv6 address, to include the first IPv6 line in its descriptor. [...] The remaining or-address lines will turn into "a" lines in t

[tor-dev] Adding bridge support to chutney

2012-07-11 Thread Linus Nordberg
Hi, Chutney is a program created by Nick that can be used for setting up and operating a test tor network. It can generate torrc files from a network configuration file and torrc template files. It can further start, hup and stop all the tor processes needed to run the network. I've added suppo

[tor-dev] Dreamplug trouble

2012-06-13 Thread Linus Nordberg
Hi, An hour ago I had a beautiful dreamplug laying next to me on my table, booting freedombox, making me happy. Now I have a beautiful dreamplug nicely mounted in a rack in a hall next to me, not booting at all, making me sad. --8<---cut here---start->8--- U-B

[tor-dev] New IP-address for directory authority maatuska

2012-02-28 Thread Linus Nordberg
Hi, The provider where maatuska, my directory authority, has been hosted for the last two years or so has had some trouble with its switches lately. I was unable to keep maatuska on the network enough to be a good participant of making a consensus. I decided to move the machine to a place where I

[tor-dev] Tor and DNS

2012-01-19 Thread Linus Nordberg
Hi, After some interesting discussions irl last week with knowledgeable DNS and security people (hi Jakob) I'd like to hear from people involved with DNS in Tor what current status is and what needs to be done. More specifically, what's the status of ttdnsd and TorDNSd? Are they being used? Any

Re: [tor-dev] Sanitizing IPv6 addresses in bridge descriptors

2012-01-11 Thread Linus Nordberg
Alex Le Heux wrote Wed, 11 Jan 2012 09:57:00 +0100: | > RFC 3849 defines the prefix 2001:DB8::/32 as being reserved for | > documentation. That should be fine for this. | | The documentation prefix is for just that, use in documentation :) | | ULA (RFC4193) is actually closer to the 10/8 (RFC1

Re: [tor-dev] Sanitizing IPv6 addresses in bridge descriptors

2012-01-10 Thread Linus Nordberg
Karsten Loesing wrote Tue, 10 Jan 2012 14:45:03 +0100: | - Write 3 bytes of the sanitized IPv6 address in [::] notation. We're | writing sanitized IPv4 addresses as 10.x.x.x. Is there a counterpart | for IPv6 addresses? It should be obvious that these are "private" | addresses, but I'd like to

[tor-dev] How to try out the new shiny IPv6 bridge support

2011-12-13 Thread Linus Nordberg
Hi, With great help from Jeroen Massar's address independence patch posted to this list earlier this year, a first milestone of IPv6 support in tor was reached in the 0.2.3.9-alpha release. Clients can now connect to private bridges over IPv6 if configured for that. If you are at all interested i

Re: [tor-dev] Draft Proposal for BridgeDB IPv6 Support

2011-12-06 Thread Linus Nordberg
Aaron wrote Mon, 5 Dec 2011 16:38:49 -0800: | IPv6 Addresses are stored as strings, the same way as IPv4 addresses. | #XXX: is this better than using the ipaddr.IPAddress class? What kind of database is this? If it is possible to use the rest of the database for a program written in

Re: [tor-dev] Tor and BGP integration

2011-06-09 Thread Linus Nordberg
Jacob Appelbaum wrote Thu, 9 Jun 2011 14:59:55 +: | Hello from Iceland, Hello from a strikestrucken Keflavíkurflugvöllur, | We came up with two main ideas for making this happen. Thanks for the writeup. | Another method would be to write a controller that watches for BGP network | updat