X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=README.1st;h=3d000a23f63aa2c8975620808a3ba1b7eedd48e7;hb=refs%2Fheads%2Fnetbsd-support;hp=a844f9101193fc9c5bd25a81a8203d622d419167;hpb=e4ec465b558b0c3a39d5868b0018218f7028030e;p=oweals%2Fgnunet.git diff --git a/README.1st b/README.1st index a844f9101..3d000a23f 100644 --- a/README.1st +++ b/README.1st @@ -1,9 +1,256 @@ -====================================================================== +WARNING! +======= -THIS SVN VERSION OF GNUNET IS INCOMPATIBLE TO ALL PREVIOUS RELEASES. -WE CHANGED FUNDAMENTAL PARTS IN THE CRYPTOGRAPHY OF THE SYSTEM. +The following is a list of issues with GNUnet 0.11.0 that will need +to be addressed before we might consider GNUnet deployable to larger +audiences. Please keep this in mind when trying out GNUnet 0.11.0! -You need to install libgcrypt from git master -for the code to compile. +GNUnet may however work fine for applications that aren't impeded by +these known deficiencies. Help would of course be welcome to reduce +this list, so an estimate of how much work is needed and the main +impact are given with each item. + + +ats: +* We currently select one transport per peer, but we should allow the +use of multiple channels concurrently (i.e. UDP + TCP at the same +time). Neither ATS nor transport support this today, and this requires +a major change in the ATS plugins and the ATS API and the overall +ATS/transport logic. [6-12 PM, robustness, performance] + +* The current proportional ATS heuristic does not devalue increasing +the number of connections once we have reached saturation point, +possibly resulting in an excessive number of connections. +[1-3 PM, performance] + +* The mlp/ril ATS heuristics are highly unstable and keep crashing or +worse, and have horrific code quality. [3-12 PM, stability, +performance] + + +transport: [12-48 PM overall] +* We should move plugins into separate processes to break an overly +complicated subsystem into more manageable bits. [maintainability] + +* Transport plugins are currently expected to be bi-directional; the +API should be changed to make them uni-directional, so we could have +say UDP for sending but receive via say SMTP, simply because NAT +punching and other transports (especially SAT) simply are not +bi-directional. Fragmentation and ACKs should then not be done in UDP +plugin but at transport level. This should result in significantly: +- better NAT traversal +- faster transports (especially with the multi-transport of ATS) +- simplified transport plugins +[stability, robustness, performance] + +* Transport currently does not encrypt. This has the disadvantage that +TCP/UDP traffic is easily identified as "GNUnet"-traffic. It would be +better to_also use a simple cipher (ECDHE+AEAD) in a plugin-specific +way (i.e. HTTPS is fine already) to minimize information leakage, even +if for efficiency that cipher is is not replay-protected at this level +(and leave true replay-protected OTR to CORE). [privacy, censorship-resistance] + +* transport's 'manipulation' functions should be moved into +a plugin-proxy, simplifying the code. This may have +modest implications for testbed due to the API change. +[maintainability, security] + +* testcases are plenty but insufficiently systematic, the changes +described above should also enable us to create more systematic tests. +[maintainability, correctness] + + +hello: +* The current code may leak LAN IPs (in particular IPv6 with +MAC) globally. We have started to put in some provisions to tag +addresses as loopback/LAN/WAN, but need to systematically ensure +that addresses are only propagated in a useful scope and avoid +leaking "sensitive" address data globally. +[3-6 PM, privacy] + + +core: +* core needs to be able to communicate to other peers whether this +peer is high-bandwidth or on battery and thus either great for +relaying or really bad for relaying. Higher-level subsystems +could then bias their peer selection to more capable peers -- +this is key for going on battery-operated systems. +[1-3 PM, performance] + +* we currently use timestamps (based on roughly-synchronized clocks), +challenge-response AND sequence numbers to protect against +replay-protection. This is overkill, and the use of timestamps +causes issues on OpenWRT where RTCs are often unavailable. We +might want to increase the nonce for challenges and get rid of +the roughly-synchronized clocks assumption, at least for CORE +(we can't avoid it for NSE). [1-3 PM, usability] + +* once transport encrypts (ECDH+AES), we should simplify CORE level +encryption to use ECDH+Twofish(+SHA512) instead of the current +ECDH+AES+Twofish double-encryption. + +* Mobile peers currently allow adversaries to track their users as the +peer's identity does not change with locations. We need a mechanism to +notify a mobile peer about a location change and then systematically +change the public key we use depending on our location. [6-12 PM, +privacy] + +* Core should support protocol versioning for higher-level services +[3 PM] + + +cadet: +* needs more systematic testing, ideally with a mock up of DHT +and core. [6-12 PM, correctness] + +* flow and congestion control implementation remains incomplete; +should borrow more from net2o [3-6 PM, performance] + +* Various optimizations, such as key material pre-computation +and avoiding unnecessary DHT queries should be implemented. +[3-9 PM, performance] + +* Once transport/core use AES/Twofish for encryption, we should +switch CADET to use KECCAK-AEAD. + +* Generally needs more benchmarking to identify performance +bottlenecks tune accordingly. [3-12 PM, performance] + + +nat: +* many known NAT traversal methods are not yet supported +[6-12 PM, connectivity, usability] + + +dv: +* dv is still not working, but currently based on SET and we +should simplify the design to not use SET. [3-6 PM, connectivity, +correctness] + + +util: +* Event loop instantiations for various event loops (like glib, +libev, libevent, etc.) should be created (and tested). This +allows applications to be built with GNUnet using those various +styles of event loop handling. General support for abstracting +the event loop is new in 0.11.0, we just need to make broader use +of it. [1-3 PM, performance, usability] + +* gnunet-service-resolver should use asynchronous DNS queries if +available. This will ensure that name resolution is not super-slow +when GNUnet makes various parallel DNS queries (rare, but DNS +queries can happen to resolve peer IP addresses for visualization). +[1 PM, performance, usability] + + +dht: +* various minor tweaks should be explored, but first we need to +define and find a good benchmark to see where our performance +bottlenecks really are today; datacache (IO subsystem) might +be one of them. Here, picking appropriate transaction scopes +and isolation levels should be an easy way to boost performance, +but we also need more benchmarking logic. [3-12 PM, performance] + + +set: +* Current implementation is not yet Byzantine fault-tolerant +against stuffing attack. [1-3 PM, fault-tolerance] + + +topology: +* quite a few different functions are squished together in one +subsystem here, will require some changes to address changes +to transport and hello discussed above [1-3 PM, correctness] + +* there are more robust known ways for maintaining a random mesh, we +might want to explore using those [3-6 PM, robustness] + + +fs: +* The service should be split into two, one for user-specific and one +for system-specific components [3-6 PM, security, usability] + +* Currently, data and files are stored in a disassociated way, +resulting in search results that then fail to download; need OR/RPS +(see below) before we can think about fixing this properly. [6-18 PM, +usability] + +* datastore (IO subsystem) is bad at keeping the database within the + quota set by the user. [1-3 PM, correctness] + + +conversation: +* dropping 'silence' on large-buffers during replay should be +used to avoid accumulating latency (standard VoIP technique, +crucial to get it to work for real calls) [1-3 PM, usability] + +* needs ring tones [1 PM, usability] + + +gns: +* should support hijacking arbitrary gtlds [1 PM, usability] + +* should import ".fr" ccTLD and ensure implementation performs [3-6 PM] + + +multicast: +* implementation currently "trivial" (aka doing round-robin, not multicast) + and under-tested + +* still uses old NTR-style API, needs to transition to MQ API [DONE] + + +psyc: +* implementation under-tested, database performance likely in +need for optimization [3-12 PM] + + +social: +* code in need for clean up and more systematic testing [6-12 PM] + + +rps: +* Open research, still experimental. [3-24 PM] + + +xolotl/lake/or: +* Open research, still non-existent. Symmetric cipher should +be CHACHA. [48-120 PM] + + +No serious problems are known in: +* statistics +* nse +* curl +* revocation +* scalarproduct +* tun +* testbed +* block +* fragmentation +* consensus +* secretsharing +* pt +* vpn +* gns +* gnsrecord +* arm +* dns +* exit +* identity +* json +* sq +* my +* namecache +* namestore +* testing +* hostlist +* zonemaster + + +We reserve judgement (due to lack of data) on: +* reclaim +* credential +* abe +* rest -=======================================================================