13:33:39 #startmeeting 13:33:40 Meeting started Wed Dec 31 13:33:39 2014 UTC. The chair is nickm. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:33:40 Useful Commands: #action #agreed #help #info #idea #link #topic. 13:33:45 what kind of alcohol? 13:34:23 Stolichnaya 13:34:46 Enjoy; remain breathing :) 13:35:08 I've got some calvados for later in the evening, but right now it's 830 in the morning for me 13:35:22 So, my main Tor goal today is to get a release out. 13:35:31 One more in 2014. Why not? 13:35:55 0.2.6.2-alpha? 13:36:04 yup 13:36:30 :) 13:36:30 That would explain the merge-fest a few days ago. Glad we got it all in. 13:36:45 So for the past days 13:36:56 well, also I was on a long car ride and my spouse offered to drive so I could do code review 13:36:57 i've been helping people deploy the HS statistics code on their relays 13:37:03 how's it going? 13:37:11 i think it's going alright 13:37:17 afaik, we have about 30 relays reporting stats. 13:37:23 and some of them are quite fast. 13:37:49 we will start doing more careful examination of the statistics in 5 days or so. 13:37:59 This is related to Gareth Owen's research? 13:38:15 no. it's the SponsorR project. 13:38:29 however, it's a bit similar to Gareth's research. 13:38:31 Ah, so just coincidental 13:38:36 yes pretty much 13:38:42 And useful to have some stats to respond though 13:38:49 we were lucky that karsten had already done some preliminary analysis 13:38:56 showing that HS traffic is a very small part of the network. 13:39:22 (in other news, I hope I don't have to write any more blog posts like that for a little while.) 13:39:32 me too 13:39:36 nickm: thanks for doing that in any case. 13:39:36 nickm: real quick before I go off in search for more booze, I'm tenatively calling the new network protocol Trivial Network Encryption Protocol (tnep) since it's easy to type 13:39:48 if you want me to rename it, lemmie know 13:39:51 what new network protocol is this? 13:39:59 our plot to replace TLS 13:40:11 with something that doesn;t shaft us multiple times per year 13:40:15 how about "trivial encrypting network transport" ? :) 13:40:22 ok 13:40:36 we'll all be under a big tent 13:40:44 we'll all be protected by the big tent 13:40:50 :D 13:40:55 or Tor's encrypting network transport 13:41:08 asn: really roughly, think obfs4 meets basket 13:41:08 or Tent Encrypts Network Traffic 13:41:31 nice 13:41:59 :D 13:42:49 Yeah, it seems like half the security issues in tor relate to TLS 13:43:30 yeah, going for something simpler to implement that we can tweak easier is nice I think 13:44:43 Are there any anonymity impacts of using a custom protocol? 13:44:57 Sort of! 13:45:00 Or is security >> obscurity 13:45:21 s/>>/much more important than/ 13:45:23 uh, kind of, depends on how I do the protocol 13:45:27 also, we have pts 13:45:34 One issue with TLS is that it is very hard to use TLS in a way that can't be distinguished from other TLS. 13:46:11 So, if we make a new protocol that can be trivially identified as Tor, that's a bit of a problem. 13:46:27 But right now, it's not too hard to identify Tor's use of TLS 13:46:48 Either that, or we convince lots of people to start using it 13:46:53 yeah 13:46:55 ideally yes 13:47:04 "easy to implement" is a huge design goal 13:47:06 That implies coming up with a protocol that admits of very solid implementations, and is not too "out there" 13:47:31 BTW, could people have a look at the ChangeLog in master? Usually Roger works on cleaning these up, but this time he's busy :) 13:47:59 teor: plus doing something that approaches the recent obfs series of protocols in terms of "hard to fingerprint" is possible for us 13:48:32 Sounds like a plan 13:48:48 I'll pass a draft around once I spec something out 13:48:52 hm. There is an active https://github.com/tent 13:49:03 ;_; 13:49:17 tentp == tent protocol? 13:49:37 portent 13:49:50 tentacle 13:50:04 tnt 13:50:10 oh, wait, company name 13:50:16 Let's go with tentp :) 13:50:27 * dgoulet appears 13:50:34 Yawning: ok. anything I can help with speccing? :) 13:50:42 I shall let you know 13:51:02 * teor resists making a Harry Potter reference 13:51:39 dgoulet: hi hi! How goes it? 13:51:59 nickm: weekly meeting right now? :) 13:52:03 yup 13:52:03 oh wow SSL replacement must be hard to do. 13:52:06 very optional though 13:52:10 asn: oh? 13:52:11 why? 13:52:14 especially if you want it to be extensible etc. 13:52:18 dunno. there are all these little details. 13:52:22 cipher negotiation 13:52:29 finished messages 13:52:41 One goal here is fewer little details. 13:52:47 asn: it's KISS 13:52:50 then don't replace - re-imagine 13:53:34 ye I also like KISS. but it will probably need to be extensible too right? so that you can in the future replace the current cipher choice with a new one, right? 13:53:37 or not? 13:53:51 that argues for versioning at least. 13:53:59 not necessarily crazypants levels of extensibility. 13:54:04 right 13:54:13 I think if the primitives we end up picking are broken, we are *really* sad for other reasons as well 13:54:42 So v2 would allow different primitives? 13:54:46 We will probably be picking primitives such that, if they are broken, everybody else will be sad too :) 13:54:46 worst case would be if djb was a pod person controled by an alien brain parasite plotting to subvert our crypto or whatever 13:55:13 but, a large chunk of the internet would be sad in that eventuality 13:55:36 nickm: link asn the sheet we've been building? 13:56:15 teor: yeah, v2 would allow different primitives, minus the initial obfuscation (since the version field is in the ciphertext, at least how I'm speccing it out) 13:56:16 https://docs.google.com/spreadsheets/d/1mbaWvLobNEOqfghmWyZtBpmIqrdpLC_k27d4ycOB5hg/edit?usp=sharing 13:56:24 it's a list of requirements and non-requirements 13:56:34 but if our obfuscation is busted, oh well 13:56:40 ah yeah that's helpful 13:56:42 should have used pts 13:56:44 etc 13:56:54 let me know if anybody wants to edit that or add more rows & columns 13:57:09 though someone that could break tentp's obfuscation can probably break the obfs series as well 13:59:13 we won't get the spec perfect in v1. That's okay. 13:59:42 (I wonder if it's worthwhile specifying the setup handshake and subsequent transport phases in an independent, decoupled way 13:59:43 but having a v1 that other people can look at is more important 13:59:45 ) 13:59:50 (maybe) 14:00:19 So I've been thinking about distributed bandwidth measurement 14:00:23 How about we take a few revisions on the spec, then call it v1 of the spec, and hack together a quick implementation? 14:00:30 nickm: indeed 14:00:37 teor: There's a cool paper about that which some folks have been working on, but which isn't public yet. 14:00:54 This comes from staring at both the reachability and laplace code 14:00:58 nickm: in a café to read that FYI ehhe 14:01:25 teor: Ask "ohmygodel" when he's around if he's okay with sharing a draft ? 14:01:30 nickm: cool, would love to read it and compare with my half-baked scheme 14:02:08 It build on EigenSpeed, but simplifies a lot of its rough edges and closes some security holes. 14:02:33 * teor not-googles EigenSpeed 14:02:48 teor: https://www.usenix.org/legacy/event/iptps09/tech/full_papers/snader/snader.pdf 14:03:14 dgoulet: yes, that's what not-google gave me 14:03:30 teor: ah ah :) 14:03:51 so quick question about dev, because you know we are in tor-dev :) 14:03:58 yup yup 14:04:20 nickm: are you still ok if I start playing with freebsd tree.h for optimization stuff? 14:04:27 I know Yawning wants that in tor :P 14:04:34 sure; want me to add it today? 14:04:36 tree.h is useful, yes 14:04:38 :P 14:05:14 nickm: maybe I can just do my poc on the side and if turns out very useful, I ping you to merge it with a subject email of "URGENT: MERGE TREE.H" ? 14:05:16 anyway, I'm off to obtain moar booze, happy newyear everyone etc. 14:05:18 :P 14:05:24 Yawning: happy new year!! :) 14:05:37 Happy New Year 14:06:30 heh 14:06:47 dgoulet: Unlikely I'll do an URGENT thing that isn't urgent; but if it's right, I'll have a look 14:07:21 suggestion: a separate branch that only does the "add tree.h" part, and in which the first commit is just inserting a verbatim copy of the upstream tree.h 14:07:55 suggestion 2: rename the file and these macros in the same way that tor_queue.h renames everything with a TOR_ prefix to prevent collisions. 14:07:57 makes merges of upstream easier 14:08:01 (plausible?) 14:08:19 nickm: yeah absolutely, won't do a fat commit no worry :) 14:08:40 ok. If it has some tree.h stuff and some usage-of-tree.h stuff, I might just cherrypick the former. So watch out :) 14:08:42 and renaming is the way I would go here and keeping comment in the header to indicate where it comes from 14:08:59 yeah 14:11:24 https://people.torproject.org/~nickm/volatile/tor-0.2.6.2-alpha.txt.asc has hashes and a link to my current candidate for 0.2.6.2-alpha. Please make sure it works for you, proofread the changelog, etc? 14:11:46 anything more for this meeting today? It's been a loooong year. :) 14:12:06 Congrats on doing a great job. 14:12:19 Thanks! and welcome to the community, teor! 14:12:43 indeed, big year and lots of dev, congrats! 14:12:50 Thanks. 14:12:51 \o/ 14:13:05 good job everybody 14:13:11 :) 14:13:21 (and to everybody reading this later: thanks for all your code and help too) 14:13:23 #endmeeting