15:07:12 <dgoulet> #startmeeting SponsorR
15:07:12 <MeetBot> Meeting started Tue Jun  9 15:07:12 2015 UTC.  The chair is dgoulet. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:07:12 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:07:18 <dgoulet> hi everyone!
15:07:22 <karsten> hi!
15:07:29 <syverson> hi!
15:07:39 <dgoulet> so please go ahead with status report while I press send for this email :)
15:07:46 * syverson can go
15:07:55 <armadev> please do
15:08:18 <syverson> ohmygodel, Rob Jansen and I met w/ Richard Barnes of Mozilla and Let's Encrypt.
15:08:37 <syverson> I sent an email about it to tor-internal this AM.
15:08:56 <syverson> Also finally got around to putting a few entries into the terminology wiki.
15:09:07 <Yawning> (arma: that draft blog post thingy is waiting on your signoff I think)
15:09:29 <syverson> Otherwise been busy with separate presentation for today and other stuff mostly.
15:09:31 <syverson> Done.
15:09:54 <dgoulet> syverson: interesting email btw! ok thanks
15:10:07 * karsten can go next and will be very quick
15:10:11 <dgoulet> go
15:10:42 <karsten> mostly/entirely distracted by other things this week. only relevant piece was an email to dgoulet where I asked him about details about his HS health tool.
15:10:49 <karsten> done.
15:11:19 <dgoulet> karsten: for which you should have the answer in your inbox :)
15:11:28 <dgoulet> I'll go I guess
15:11:38 <karsten> dgoulet: I do! :)
15:12:47 <dgoulet> so analysis script of the hs health csv logs, I got some good feedback from asn on better analysis that could help us directly now, little-t tor SponsorR related, there is still #4862 in pending review but that fixes lots of open tickets and not a trivial change
15:13:40 <dgoulet> been helping isabela and asn about the deliverables, that's about it
15:13:50 <karsten> oh right, I saw that.
15:13:59 <nickm> (/me is here and can do a status as needed)
15:14:00 <karsten> do you need any more help there, or is that done?
15:14:07 <dgoulet> karsten: seems all under control for now
15:14:12 <karsten> yay!
15:14:21 <dgoulet> oh ah also one more things
15:14:50 <dgoulet> this ticket is also relevant to R that might need more eyes on #16260
15:14:56 * dgoulet done
15:15:01 * armadev can go
15:15:05 <dgoulet> go
15:15:08 <armadev> I had a great chat with Patrick Gray about Ricochet and other novel onion servi
15:15:09 <armadev> ce ideas.
15:15:16 <armadev> He went partway to convincing me that Ricochet is going to be a better plan than a Tor Messenger, chatzilla style.
15:15:26 <armadev> Also he argues that 1-to-1 communication is harder to attack, PR-wise, from the 'what about bad people' angle.
15:15:39 <armadev> It's likely that I did other things for SponsorR recently (e.g. helping on the HSDir flag tickets) but I do not currently remember them.
15:15:55 <armadev> There's also the Sybil discussion, where there's a huge uptick in people running relays in order to attack the hsdir subsystem.
15:15:58 <armadev> done.
15:16:17 * nickm ?
15:16:21 <dgoulet> thanks!
15:16:22 <dgoulet> nickm: go
15:17:20 <nickm> I reviewed patches, talked about design stuff, wrote up a proposal to stop using RSA in hidden services entirely (see prop 245, needs review and thought)
15:17:47 <nickm> There's a neat paper that wendy circulated about this RAPPOR thing that google uses to aggregate usage stats; maybe it would work for us.
15:18:12 <nickm> Roger mentioned to me it might be possible to frame prop-224 work as sponsorR, maybe.  If that's the case, we could really tighten stuff up.
15:18:23 <nickm> I hope to be more responsive this week than last, given my lack of doom-meeting.
15:18:26 <syverson> Can you say a few words, maybe for it vs. privex?
15:18:39 <nickm> not yet; wendy just sent it around this morning :)
15:18:54 <syverson> Yeah I didn't look and was hoping you somehow had.
15:19:24 <nickm> diddid everybody get that email though?
15:19:27 <dgoulet> hrm where is that RAPPOR thing ?
15:19:36 <nickm> https://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/42852.pdf
15:19:39 * isabela is around
15:19:40 <nickm> https://github.com/google/rappor
15:19:46 <nickm> not sure if it
15:19:58 <nickm> is at all suitable for our use, but it couldn't hurt to mine it for ideas.
15:20:05 <syverson> I got it.
15:20:26 <dgoulet> we should make sure that aaron/rob got it also
15:21:01 <dgoulet> nickm: all done? (status-report)
15:21:05 <syverson> They should be on tor-assistants, but I'll forward a reminder. We've got an intern working on pointing privex at onion services.
15:21:34 <dgoulet> syverson: just that I don,t see that email on tor-assistants :S
15:21:55 <dgoulet> ah! nvm... I'm stupid
15:22:00 <armadev> syverson: is it safe to specify which intern?
15:22:17 <nickm> dgoulet: yes, all done.  Also, my apologies but I need to run to the bank soon.
15:22:26 <syverson> We only have one. He's from USNA.
15:22:54 <syverson> An undergrad student of Adam Aviv's.
15:22:55 <dgoulet> nickm: np, thanks!
15:23:15 <dgoulet> isabela: hi! if you want to do a status report, go ahead else we are at the discussion phase mostly
15:23:19 <nickm> ok.  will be here another 15 min or so lurking
15:23:53 <isabela> dgoulet: thanks, just watching :)
15:24:25 <dgoulet> ok so I think everyone spoke, anything we should discuss ?
15:24:44 <syverson> Beer? (Sorry)
15:25:05 <dgoulet> syverson: no funding for that :( :P
15:25:22 <dgoulet> what about this idea of squeezing 224 in R ?
15:25:56 <armadev> it is a poorly formed idea. basically it seems like we're wasting a lot of time putting bandaids on the old design,
15:26:09 <armadev> and we should explore whether we could be a lot more efficient if we use a bigger bandaid
15:26:46 <armadev> that is, all the folks doing hsdir attacks right now are soaking up our time. can we make those attacks stop working? how much work would it be?
15:27:28 <dgoulet> yeah #8244 on the old design or 224 :)
15:28:15 <dgoulet> armadev: so should we then try an inception in July to our PM ? :)
15:28:43 <armadev> can we do 224 piece by piece? or does it have to all go out at once? and if piece by piece, what's the most important / most efficient piece to do first?
15:29:05 <Yawning> armadev: as of the next release it will be slightly harder
15:29:10 <dgoulet> hrm I do think we can go incrementely on some part if I recall correctly
15:29:19 <armadev> and yes, we should totally find out, in july, what our new program manager thinks of all this direction. maybe he likes it, who knows.
15:29:22 <Yawning> Since HSDir will require Stable ('Fast' pending)
15:29:25 <dgoulet> but that should be something we can start working on, a transition plan short/mid/long term
15:29:26 <armadev> also also, it could be a great focus for the july hs hackfest
15:29:37 <Yawning> but that is indeed another bandaid
15:30:01 <Yawning> (weasel suggests 'Guard|Exit' fir HSDirs, but that would need a ton of analysis)
15:30:10 <armadev> yawning: yea, i want to change the fact that you can generate a particular relay key, then wait sufficiently, then you're in the right spot to do the attack.
15:30:17 <Yawning> yeah
15:30:36 <special> (I need to find the time to expand on the no-HSDirs idea soon. So many things to do.)
15:30:43 <Yawning> raising the bar with voting hax not that effective
15:30:55 <dgoulet> yeah bandaid solution :)
15:31:07 <Yawning> also, the 224 design will require changes based on the tor-internal thread that currently mike/I are having
15:31:10 <armadev> special: speaking of you, speaking of the hs hack fest, is that under control, or is everybody hoping somebody else is dealing with organizing it?
15:31:15 <Yawning> about that pre-print
15:31:48 <Yawning> rather, some of the fixes I want would make the most sense to do as we transition to 224 if we are ready
15:31:51 <dgoulet> armadev: I only need a reply to my travel@ email :)
15:32:01 <armadev> yeah, ugh, good point.
15:32:04 <special> armadev: I was thinking of pinging people later today to figure out what logistics need to be logisticized
15:32:26 <Yawning> (I do want more than mike involved in discussing that, but hard since it's a preprint ;_;)
15:33:13 <Yawning> and there's a bunch of design work/analysis needed I think
15:33:28 <Yawning> (sorry, guess this isn't that R-ish)
15:33:32 <armadev> yawning: ok. i have no idea what you're talking about. it's likely others here don't either.
15:33:49 <Yawning> there's a pre-print paper about more HS attacks
15:33:50 <dgoulet> discussion on the Usenix paper thread
15:34:01 <syverson> Ah!
15:34:20 <armadev> when does it turn from a pre-print to a final version? that should be real soon now right?
15:34:27 <Yawning> yeah I think so
15:34:31 <Yawning> it's a good paper
15:34:42 <armadev> well great. is it an attack paper or a fix paper?
15:34:51 <Yawning> attack with mnitigations suggested
15:34:51 <dgoulet> they are suppose to send me the final version when they have it
15:34:56 <Yawning> but, the mitigations are.... hard
15:35:10 <Yawning> and I can extend their attack for a few more things that their mitigations don't cover
15:35:17 <armadev> oops
15:35:51 <Yawning> though the mitigations are good if we can figure out how to implement their suggestions correctly
15:36:22 <Yawning> mike had some ideas, that I'm not sure/scared about
15:37:19 <armadev> can you take point on making sure we tell the world about it, as soon as we can?
15:37:35 <Yawning> what, the attack?
15:37:36 <armadev> rather than waiting and hoping nobody notices and then some journalist writes it up poorly
15:37:41 <Yawning> ok
15:37:46 <armadev> i dunno, the paper and everything from it
15:37:50 <Yawning> yah
15:38:10 <Yawning> also, the attack isn't a 224 will fix it thing for once
15:38:28 <Yawning> we should look at our 224 design and see if we can change this situation
15:39:07 <armadev> great
15:39:09 <dgoulet> ok
15:39:22 <Yawning> *cough dgoulet cough*
15:39:25 <Yawning> :P
15:39:32 <dgoulet> :)
15:39:37 <armadev> yawning: please rope in as many people as you can for this. it sounds like it totally falls inside sponsorr scope.
15:40:16 <Yawning> mmk
15:40:32 <dgoulet> ok so I propose we start, even before the hackfest, some work on the transition plan, patch 224, basically start the ground work
15:40:43 <Yawning> mostly want dgoulet/asn to read the paper so I can talk about it
15:40:44 <dgoulet> else it will keep piling up I feel like
15:40:45 <Yawning> :P
15:40:48 <Yawning> yeah
15:41:14 <dgoulet> and in July we'll work on an inception operation :)
15:41:49 <dgoulet> ok do we have more topics to discuss?
15:42:00 <dgoulet> we got the Stable requirement in 026, thanks Yawning's pressure! :)
15:42:24 <Yawning> ^_^
15:43:06 <dgoulet> ok so I guess we can end our meeting unless someone screams?
15:43:27 <Yawning> AAGAAAAAAAAAAAA
15:43:28 <Yawning> ?
15:43:33 <syverson> See you next week. Same bat-time same bat-channel.
15:43:38 <armadev> i think we should think of the recent sybil issues as in-scope too
15:43:47 <armadev> since they seem to keep being about hsdirs
15:43:57 <armadev> which leads to the whole process of cutting out malicious relays
15:44:04 <armadev> which leads to the interaction with the research community
15:44:07 <armadev> all in-scope
15:44:11 <dgoulet> armadev: what do you mean by in-scope too ?
15:44:14 <dgoulet> in-scope of R ?
15:44:15 <armadev> yes
15:44:51 <syverson> Hmm. So developing guidelines is in scope. Makes sense but I hadn't thought about it that way before.
15:45:06 <armadev> and assessing guidelines
15:45:16 <armadev> which means testing them. and applying them to test them. :)
15:46:39 <dgoulet> is there someone writing them or thinking of writing them? (can't remember the latest on the thread)
15:48:10 <armadev> i'm not sure. phw knows, but the last mail from phw said he is done with this topic.
15:48:48 <dgoulet> ok so let's keep that in our eyesight for R
15:49:09 <Yawning> so, someone else should take point there yes?
15:49:16 <Yawning> ideally the dir auth people?
15:49:37 <armadev> ideally. but i bet they're all full.
15:49:40 <Yawning> (dunno, someone else?)
15:49:42 <Yawning> yeah
15:50:24 <syverson> Crap said bye to wrong channel. Here we go: Bye for now.
15:50:28 <karsten> dgoulet: would you be around after the meeting to work a bit more on the HS health questions?
15:50:41 <dgoulet> karsten: sure!, I just need to get food and after that I'm here
15:50:44 <dgoulet> ok so let's close this meeting
15:50:51 <dgoulet> thanks all!
15:50:55 <dgoulet> #endmeeting