17:04:30 <nickm> #startmeeting weekly network team meeting
17:04:30 <MeetBot> Meeting started Mon Oct 17 17:04:30 2016 UTC.  The chair is nickm. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:04:30 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
17:04:44 <nickm> I've recently seen dgoulet and asn and femme.
17:04:53 <nickm> athena: ping?
17:04:56 <femme> Yes, I'm here
17:05:01 <nickm> (Expecting Yawning and teor are busy.)
17:05:12 <nickm> Just pinged isabela
17:05:15 <dgoulet> o/
17:05:20 <nickm> (Expecting mikeperry and armadev are busy)
17:05:26 <Sebastian> I'm here too
17:05:31 <nickm> hi Sebastian !
17:05:36 <nickm> welcome all!
17:05:38 <isis> hello
17:05:41 <nickm> hi isis !
17:05:51 <asn> hello :)
17:05:54 <nickm> Last week I: answered too many emails, did too many bureaucracies, and got our module-documentation coverage up by a lot. (Have a look at aae034d13e458dfe82b.)  I did a code-review on a bunch of branches, and worked on a fix for TROVE-2016-10-001.
17:05:57 <femme> hey all
17:06:09 <nickm> This morning I named the TROVE registry, repaired the cronjob that builds the tor-guts thing on my personal website, started working on the upcoming releases, answered more email, etc.
17:06:13 <nickm> Today I will try to get releases and patches out.
17:06:20 <nickm> review
17:06:26 <nickm> I will also try to do more review
17:06:32 <isis> so TROVE is what we're calling TSA?
17:06:59 <isis> (Tor Service Advisory)
17:07:15 <nickm> Once review and release is done, I plan to split 0.2.9 off, merge merge-ready stuff into 0.3.0, finish review on mikeperry's netflow, finish #15056 at long last, do guard stuff, continue to improve docs,
17:07:20 <isis> err, s/Service/Security/
17:07:28 <isis> i am veeeeery jetlagged
17:07:31 <nickm> isis: yeah, https://trac.torproject.org/projects/tor/wiki/TROVE
17:07:41 <isis> cool :)
17:07:45 <nickm> https://trac.torproject.org/projects/tor/ticket/20383
17:07:48 <femme> Tor Registry Of Vulnerabilities and Exposures
17:08:44 <nickm> any questions / comments/ etc for me?
17:08:45 <dgoulet> great nickm ! perfectly on schedule of https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam#Calendar: :D
17:09:04 <nickm> I could use changelog review today if anybody has the time.
17:10:27 <isis> last week i gave a talk at waterloo, caught up on email, had a meeting with jschanck to deal with some handshake issues that we've been throwing around for a couple months
17:10:44 <isis> and i totally did not finish the #15055 review that i said i would :/
17:11:04 <isis> i thought i could do it on the airplane, but then i was just exhausted and passed out
17:12:06 <isis> this week i have a bunch of reporting/billing/bureaucracy to do
17:12:23 <isis> and my parents are visiting me! i have not seen them in two years!
17:12:27 <nickm> awesome!
17:12:34 <isis> and also finish the review
17:12:55 <isis> other than that i will need to focus on getting my OTF contract done
17:13:17 <isis> EOF
17:13:26 <dgoulet> mutex_lock()
17:13:41 <dgoulet> Last week was mostly for me a follow up on all the things after Seattle which ended up in writing and replying to many emails including test network, network team agenda items and lots of prop224. I also did some review of 029 tickets and I believe some in review-group-10 maybe.
17:13:45 <dgoulet> I'm still having this epic battle with Schleuder for our tor-security@ ML.  Once I have few cycles to spare, I'll get back on that. I finally have almost finalized torsocks for a release this week fixing many things.
17:13:48 <dgoulet> I still have lots of items on my stack ranging from Tor logistics to actual code. Oh and it's my week for "bug triage" so back off! :P
17:13:52 <dgoulet> mutex_unlock()
17:14:07 <nickm> how hard would you like folks to back off?
17:14:15 <dgoulet> not very :P
17:14:26 <dgoulet> asn: you are out, I'm in ;)
17:14:58 <nickm> asn: (how did you find bug triage?)
17:15:20 <asn> Hello. During past week, I started a thread about prop224 client authorization,
17:15:20 <asn> that needed to happen and we've been postponing for months:
17:15:20 <asn> https://lists.torproject.org/pipermail/tor-dev/2016-October/011531.html
17:15:20 <asn> I also did some code reviews.
17:15:20 <asn> I also was the bug triager of the week, which was
17:15:23 <asn> a quite lightweight task since most new tickets were created by teor and were
17:15:25 <asn> pre-triaged or teor triaged them before I had the time to. I ended up triaging
17:15:28 <asn> about 5 tickets through the course of the week.
17:15:33 <athena> nickm: yeah, i'm here
17:15:59 <nickm> asn: is there a maximally up-to-date version of the proposal 224 client auth stuff, with the various changes collected in it?
17:16:13 <asn> nope. it's still on the air based on feedback received.
17:16:32 <asn> i'm writing a reply now. then need some more feedback. and then will write a proper torspec patch.
17:16:33 <nickm> ok. would it be worth my having a look, or should I wait till you've revised?
17:16:41 <asn> i think it can wait till it's revised.
17:16:45 <nickm> ok
17:16:56 <asn> except if you are really curious, in which case feel free to check the thread
17:17:21 <asn> I also started a thread on further hires on the network team, based on some discussions during the dev meeting
17:17:39 <asn> received some good feedback so far. some nickm feedback would be great as well :)
17:17:49 <dgoulet> oh yeah, we are basically waiting on Erin I guess?
17:17:53 <asn> ah is it?
17:17:55 <asn> ok
17:18:07 <dgoulet> hrm considering last email... not sure :S but could be
17:19:14 <asn> EOF on my part
17:19:24 <femme> I was looking into https://pad.riseup.net/p/profiling-tor with nickm and Sebastian and this week I'll look into what debug symbols are needed and in which package they are. Also I'm going to look into other profiling tools for linux. That's it for me.
17:19:47 <nickm> asn: wrt client auth, I also wonder if there's some awesome crypto trick we haven't thought of because we're not cryptographers.
17:20:18 <nickm> femme: cool; thanks!
17:20:57 <athena> update: i'm in the thick of #19878 right now; there is a lightly refactored #19858 awaiting 2nd-round code review
17:20:59 <asn> nickm: perhaps there might be.
17:21:36 <nickm> athena: could you stick your in-progress #19878 online someplace?  I'm trying to stay up-to-date with how we're structuring it.
17:21:56 <asn> nickm: it's also a tradeoff between seeking new innovative solutions, and figuring trivially-correct stuff quick so that we can move with development.
17:22:05 <nickm> asn: Do we have any people who use this stuff actively?  It would help to know what the usecases are
17:22:09 <nickm> asn: that's fair enough
17:22:51 <asn> i've talked with people who use this stuff, and... they use it. all of them with less than 50 authed people.
17:22:55 <asn> people even use stealth auth
17:23:04 <asn> and IIUC the prop224 does not offer stealth auth option.
17:23:18 <nickm> IIUC it's all stealth auth, if I understand the use case.
17:23:18 <athena> nickm: sure, will do
17:23:32 <nickm> athena: cool. looking forward to it. Today ok for that?
17:23:37 <athena> think so
17:23:51 <asn> nickm: I think the current prop224 solutions cannot be isomorphic to stealth auth
17:23:57 <nickm> hm.
17:24:05 <asn> nickm: because even with prop224 auth enabled, revoked people can still fetch the descriptor (even if they can't decrypt it)
17:24:11 <asn> and hence they can learn HS presence
17:24:17 <asn> but i need to think some more about this.
17:24:23 <athena> this logically splits into two parts: tracking the sampled_guards at all (which is what you need to see for #19879), and load/storing them
17:24:25 <nickm> Do you know if they'd want more than 50 users if tor supported that well?
17:24:54 <asn> nickm: prop224 stealth auth? i dont know if people would want that with more than 50 users. i think providing the current functionality as is (restricted to 16 users), might be sufficient.
17:25:06 <nickm> stealth auth, or auth in general
17:25:20 <nickm> also, do you have a sense of how often the admins want to change the list of authorized users?
17:25:26 <asn> i think providing normal auth for > 50 people might be useful. and i think it's possible.
17:25:41 <asn> nickm: good question. im not really sure how often revocations happen.
17:26:00 <nickm> Knowing that would also be helpful in figuring out our possible solution space
17:26:00 <dgoulet> we could ask on tor-onions@/tor-relays@
17:26:12 <asn> in theory, if these things can happen using the control port, people can make scripts and such, and have their userbase be dynamic and quickly changing.
17:26:16 <asn> nickm: agreed.
17:27:12 <asn> dgoulet: perhaps that might be a good idea
17:27:32 <nickm> (I think we've moved to discussion time, but anybody who's around should feel free to chime in with a status update!)
17:27:37 <asn> yes sorry about that.
17:27:50 <nickm> thanks for having a good topic to discuss!
17:28:33 <Sebastian> I have a status update/discussion topic. First, looked very briefly into profiles (thanks femme for the help) of a cpu-starved relay
17:29:27 <Sebastian> my discussion point is the tor-security list where I'm on, but read somewhere that I'll probably be taken off or something. I'm fine with that, but process-wise it would've been neat to let me know or something. Are the plans there finalized?
17:30:03 <nickm> I don't think there are final plans, and I don't mind having a few more people on that list.
17:30:18 <nickm> I also think that, if it's not a dumb idea, we should figure some way to allow network-team to do encrypted stuff
17:31:04 <dgoulet> nickm: yes that is also on my plan to make it work btw
17:31:26 <nickm> Sebastian: did that answer your question?
17:31:32 <dgoulet> I guess we are good on the security policy as we should put it somewhere "official" ?
17:31:43 <Sebastian> mostly, when will it be done? :)
17:31:52 <nickm> Do we have a policy adoption policy? :)
17:32:03 <dgoulet> nickm: enough +1 on tor-dev@ ? :D
17:32:17 <nickm> ok, I'll send to tor-dev@ for comment and flamewars. :)
17:32:50 <dgoulet> Sebastian: on my part (Schleuder) I really have no ETA but it's on my "get done shortly" list
17:33:09 <dgoulet> nickm: well we did already multiple back and forth so I'm sure we can start with it and improve it as we go anyway
17:33:13 <dgoulet> but yeah for now there are 3 people there
17:33:32 <dgoulet> (and I need an answer also on the GPG key situation for that list :S)
17:33:39 <dgoulet> so yeah action items on that ML
17:33:53 <nickm> I would be okay with more people there.  And I would *definitely* want a way to forward stuff from there to network-team.
17:34:07 <nickm> dgoulet: sorry, what's the question? or too complicated to explain?
17:34:08 <Sebastian> dgoulet: sounds great, thanks
17:34:09 <dgoulet> yes I agree on that
17:34:28 <dgoulet> nickm: my last reply to the thread is about the GPG key for that list that Schleuder needs
17:35:00 <nickm> I would say "you should generate one, it will be fine" .
17:35:12 <dgoulet> ack
17:35:26 <GeKo> +1
17:36:04 <nickm> I have a question: Does everybody who would like access to coverity scan have it?
17:36:31 <nickm> (There are currently 3 resource leaks in the unit tests, and a bunch of false positives that are closed as such.)
17:36:47 <asn> nickm: i don't have access there
17:36:56 <Sebastian> I totally recommend having access
17:36:58 <asn> feel free to add me to the coverity list asn@torproject.org
17:37:00 <Sebastian> it's very enlightening
17:37:00 <nickm> asn: if you request access, I will approve.
17:37:09 <nickm> let me see if I can do.
17:37:12 * dgoulet has access
17:37:51 <dgoulet> there is something else I would like to ask that I think we can decide in few seconds :)
17:37:57 <femme> I would want access and would like to work on unit tests and keeping an eye on them
17:38:10 <nickm> ah, I can invite you
17:38:17 <nickm> dgoulet: go for it!
17:38:46 <dgoulet> about our Gitlab, no reply on the thread so I would like to move this forward and thus I assume everyone is fine with what I said there? :)
17:39:07 <Sebastian> +1
17:39:08 <nickm> asn: I just invited you
17:39:08 <dgoulet> which was in a nutshell: Let's start with the Community edition and plug it to our LDAP
17:39:12 <nickm> sure
17:39:17 <asn> nickm: thank you
17:39:38 <dgoulet> ok great, no objection woot!
17:40:11 <femme> I think gitlab is a great idea
17:40:27 <nickm> femme: wrt adding you to coverity, I've known you less long, though you do seem like an excellent and honest person.
17:40:44 <nickm> so I could add you as an observer, or somebody could vouch for you, or ...
17:40:56 <nickm> we could do this again in a few months?
17:41:08 <isis> dgoulet: no objection here
17:41:15 <femme> Yeah, the former or latter is fine
17:41:17 <nickm> (This stuff is potentially security-sensitive, so need to be a little paranoid. Apologies!)
17:41:28 <nickm> send me a preferred email addr then?
17:41:56 * dgoulet has another item :D (again probably quick)
17:41:57 <nickm> dgoulet: I have no objection.  We're talking about using it for code review for now, right?
17:42:02 <dgoulet> nickm: yes
17:42:10 <nickm> dgoulet: fine by me then
17:42:19 <femme> No need for apologies, I just was reading the website and thought about the security implications and would have asked about different access levels because I obviously don't need (want) anything mission critical
17:42:40 <nickm> ack
17:42:43 <dgoulet> last week I did set some magic dates here: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam#Calendar:
17:42:45 <isis> dgoulet: if you need help with schleuder or gpg, i'm happy to try to help
17:42:54 <dgoulet> are we ok with those? (especially nickm :)
17:43:15 <nickm> femme: in any case, if you send me an email addr, I'll add you as an observe.
17:43:17 <dgoulet> isis: ah good to know, I'll give it another shot soon and see if I need to summon your help :)
17:43:20 <nickm> *observer
17:43:47 <nickm> dgoulet: I think I'm okay with those as a draft....
17:44:01 <dgoulet> so like "let's try it" kind of thing?
17:44:06 <nickm> dgoulet: though the release today just can't be an rc.
17:44:12 <nickm> the next one can be.
17:44:23 <dgoulet> nickm: ah yes it should be "Feature Freeze" actually
17:44:25 <nickm> ok
17:44:49 <nickm> also I'm less clear why this time we're doing a one-month freeze window and the next 2 releases get a 3-month freeze window ?
17:45:11 <dgoulet> 030 is 3 months merge window
17:45:22 <dgoulet> 029 I didn't consider it as we are kind of starting after it?
17:45:27 <nickm> right.  why?
17:45:29 <nickm> ah.
17:45:34 <nickm> Sure, let's try it this way.
17:46:25 <dgoulet> cool
17:46:27 <nickm> any other topics for today?
17:46:47 <nickm> One thing I could really use is feedback on the changelog for 0.2.9.4-alpha, if anybody has time.
17:46:57 <Sebastian> oh, one more thing actually
17:47:02 <nickm> go for it!
17:47:37 <Sebastian> People (ln5) have reported that more recent versions of Tor are much worse off in terms of reconnecting when IP addresses change
17:48:04 <Sebastian> this might be a reason why nathan is reporting that there are many Tor issues on mobile lately
17:48:28 <Sebastian> Anyone have an idea for a change that might have caused this? Maybe we can get ln5 to bisect if we give him a couple of candidates
17:48:58 <nickm> Hmm. I'm afraid I don't know offhand.
17:49:12 <nickm> Is this an 0.2.7->0.2.8 thing?  an 0.2.8->0.2.9 thing?
17:49:38 <Sebastian> I think 0.2.7 -> 0.2.8, but I'd need to ask ln5 or check backlog (and backlog is probably hard to find)
17:50:03 <nickm> If we could isolate it even to 0.2.7->0.2.8 that would be a good start for guessing where.
17:50:19 <isis> another topic: i was wondering how much we're against changing NTor
17:50:39 <isis> also, i think it's 0.2.7 → 0.2.8
17:50:53 <nickm> isis: do you mean, adding an ntor2 for use with PQ crypto?
17:51:00 <Sebastian> ah found it
17:51:01 <nickm> isis: or do you mean, adding an ntor2 to completely replace ntor
17:51:04 <Sebastian> but ln5 didn't mention a version
17:51:07 <Sebastian> ln5: ^ :)
17:51:27 <isis> nickm: both? but at the very least option #1
17:52:04 <nickm> I would want it to have security proofs at least as good as those from the first ntor.
17:52:35 <isis> because john needed to change some things to get the hybrid handshake security proof to work out nicely, but then there were more things in the original which were messy/wrong/bad
17:53:01 <isis> i think i can make the proofs better than the original
17:53:36 <nickm> Sebastian, ln5 : I would _suspect_ the fixes for #17950 or #17951, without thinking too hard about it?
17:53:43 <nickm> Sebastian, ln5 : But I should could be wrong.
17:53:53 <nickm> isis: then, no objections.
17:54:01 <isis> do i need to do that, or is ian's "yeah those changes are improvements" tacitly okay?
17:54:03 <femme> isis: sounds good
17:54:15 <nickm> While your're at it, did you know there's an ntor variant in prop#224 ?
17:54:18 <nickm> *sp
17:54:39 <isis> nickm: i had just recently learned that… is there somewhere i can see the changes?
17:55:09 <nickm> section 3.3.2, NTOR-WITH-EXTRA-DATA
17:55:20 <isis> okay, will review
17:55:23 <isis> thanks!
17:55:26 <nickm> I'm afraid there isn't a clear diff however.
17:55:38 <femme> isis: I would like to see the proofs and would be willing to proofread/edit too
17:55:44 <nickm> more topix?
17:55:46 <femme> before the release*
17:56:26 <dgoulet> nothing more on my side
17:56:34 <nickm> we have 4 minutes before the next team's meeting.  So then, let's sign off!
17:56:42 <nickm> further discussion on #tor-project.
17:56:43 <nickm> thanks, all!
17:56:45 <nickm> #endmeeting