#tor-meeting log

15:00:31 <pili> #startmeeting S27 05/21
15:00:31 * sysrqb is lurking
15:00:31 <MeetBot> Meeting started Tue May 21 15:00:31 2019 UTC.  The chair is pili. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:31 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:00:33 <pili> hi everyone
15:00:43 <antonela> o/
15:01:14 <pili> pad is here: https://storm.torproject.org/shared/cftEAPBUYEZQ6cCPWPsf-t35WIz49JBEk2ozYJVkNVB
15:01:31 <pili> (or at whichever link people have saved in the past...)
15:01:43 <pili> we're missing asn today
15:01:58 <pili> happy to see everyone that is here :)
15:02:39 <pili> please feel free to start adding any updates in the pad as well as any discussion points and/or blockers and dependencies that you want to talk through with the rest of the team
15:05:27 <pili> I'll start with my updates for now :)
15:05:46 <pili> the main one is that it's almost time to start writing the second monthly report
15:06:43 <pili> so gaba and I might be reaching out for some clarification on progress on some of the items
15:07:14 <pili> dgoulet: any updates from the network team? :)
15:08:00 <pili> I heard from asn yesterday that he'd made a bit of progress on #30381 but has otherwise been occupied with other work
15:09:11 <dgoulet> pili: yes so mainly we are both stuck in finalizing things for the 0.4.1 tor freeze that was last week.
15:09:26 <dgoulet> we made some progress on the DDoS front of s27 at least
15:10:06 <dgoulet> and I wonder also where we are with TB on control port event vs socks error. Last time I looked at the ticket, we were back to SOCKS errors?
15:10:22 <pili> I guess that's one for mcs and brade
15:10:41 <brade> dgoulet: yes, SOCKS :-/
15:10:46 <dgoulet> are we set on that direction? For us, it implies a new proposal, change of spec and then code so it is a bit more involving than a new control port event ehhe
15:10:48 <dgoulet> ok
15:11:49 <brade> mcs and I are not confident of Mozilla’s HTTP Connect implementation; that it is at the right level and will meet our needs
15:11:50 <pili> seems like no one is happy about this :)
15:11:58 <dgoulet> I have no idea if asn had more things on the list but that is the big piece missing before we start that code so onward!
15:12:05 <dgoulet> brade: ok!
15:13:27 <dgoulet> we'll go in overdrive for s27 starting this week since we both (asn and I) kind of finished our pre-freeze stuff ;)
15:13:31 <dgoulet> --
15:13:53 <pili> dgoulet: great news, thanks! :)
15:14:15 <pili> so we'll go ahead with the socks errors implementation then?
15:14:27 <dgoulet> yup
15:14:38 <pili> is that going to change the time estimates at all?
15:14:39 <dgoulet> we had a proposal a while back to expand those, we might revive it with a new version
15:14:48 <pili> as it seems like it's more work on the network team side?
15:15:15 <dgoulet> pili: not sure since control port also requires us spec and all... and SOCKS errors should be "faster" on the spec side, and possibly not too bad on the code side :)
15:15:29 <pili> ok, sounds good then :)
15:15:34 <dgoulet> pili: SOOOO in theory, less time :P
15:15:36 <dgoulet> we'll see
15:15:53 <pili> let's assume it's the same, just in case :D
15:16:09 <dgoulet> yup yup
15:16:24 <pili> ok, any other updates from the network team? or any other comments on this from the browser team or shall we move on with browser team updates?
15:18:28 <pili> ok, let's move on
15:18:43 <pili> brade any exciting updates to share from browser side? :)
15:18:55 <pili> (otherwise I can just read the pad)
15:19:03 <brade> just trying to figure things out :-)  yes, see pad
15:19:24 <brade> need feedback on 30237
15:19:57 <GeKo> i think acat gave good one
15:20:43 <antonela> yes, thanks for that review brade!
15:20:44 <brade> yes but more opinions are welcome
15:20:46 <GeKo> i am quite concerned about possible spoofing by website
15:20:50 <GeKo> s
15:20:58 <brade> GeKo: as are we
15:21:08 <GeKo> i can try looking over the whole ideas later today/early tomorrow
15:21:15 <pili> brade: my only comment is that I enjoyed reading about the line of death, but that's not useful for you I know :)
15:21:22 <antonela> originally i used the http auth UI, which has some limitations, will expand in a comment
15:21:25 <brade> I wish Mozilla had a good option so we didn’t need to write our own
15:22:01 <brade> antonela: ideally same type of UI mechanism is used for auth and errors
15:22:28 <antonela> yep
15:22:34 <brade> pili: I enjoyed reading about it too (when antonela first pointed to it)
15:23:20 <pili> ok, so I guess we need some more feedback from people on #30237
15:23:36 <antonela> yes, thanks acat too!
15:24:11 <GeKo> do we agree that we don't want to make the credential dialog spoofable?
15:24:21 <pili> definitely!
15:24:24 <antonela> ye sure
15:24:27 <GeKo> that's probably the first big decision to make
15:24:52 <GeKo> okay, good
15:24:53 <brade> GeKo: mcs and I think that Mozilla is not doing a good job in this area
15:25:02 <GeKo> well, i agree
15:25:11 <GeKo> but here we are :)
15:25:15 <antonela> because they got good improvements saving passwords
15:25:20 <antonela> but this is not a password
15:25:34 <GeKo> yes
15:26:31 <antonela> lets see, i'll comment some findings about the http auth ui i got when i configured mine 8)
15:27:13 <pili> ok, so antonela will try some things out and report back? or you already did? :)
15:27:14 <pili> and we hopefully get some feedback from others on this
15:27:33 <antonela> i made a first approach in #30024
15:27:48 <antonela> well, we already talked about all this ideas, i just put them together
15:28:01 <antonela> It may have some errors but take it as a conversation starter
15:28:22 <antonela> (like alt-svc doesn't allow users prompt, and so on)
15:28:48 <antonela> i had more questions than answers at the end, so i think we are in a good path
15:29:49 <pili> ok, so this is probably a good time to go into the UX team updates :)
15:29:56 <pili> if there's nothing else on  #30237
15:30:51 <antonela> haha sorry, i read quickly
15:31:14 <pili> antonela: do you need some feedback on  #30024 yourself? :)
15:33:07 <antonela> what that means? that needs review yes, if the browser team has throughs/ideas, those are welcome
15:33:29 <pili> yup, great
15:34:29 <pili> ok, I think that's everyone's updates then
15:34:57 <pili> we already discussed some of the current blockers already:
15:36:10 <pili> - network team was waiting for confirmation on approach for #30382 and we've agreed to go with socks errors
15:36:44 <pili> - brade and mcs are waiting for more feedback/reviews on #30237 for the TBB UI for client auth
15:37:04 <dgoulet> yeah there is a chance we might do those even if TB doesn't need them... but much lower priority for now (#30382)
15:37:59 <pili> - antonela would like a review on #30024 from browser team (and others) for the alternative onion service workflow
15:38:06 <pili> any other blockers/dependencies?
15:39:15 <antonela> i dont think so
15:39:30 <pili> ok, let's move on to stakeholder updates
15:39:35 <pili> anyone have any? :)
15:41:14 <pili> ok, I'll go then, syverson_ and I had a good talk today about the work they've been doing that may overlap with some of the S27 project objectives
15:41:31 <pili> and if there is any way we can take advantage of the research they've done on this already
15:41:57 <pili> mainly around usability of long onion names and alt-svc / alt-onion
15:42:27 * syverson_ says hi
15:42:41 <pili> I think we should have at least one session at the dev meeting in stockholm dedicated to S27, probably 2 at least though
15:43:02 <GeKo> syverson_: o/
15:43:10 <antonela> hi syverson_!
15:43:35 <pili> one for O2A5: human-memorable onion addresses
15:43:52 <pili> and another on alt-svc
15:44:13 <pili> does anyone have any other suggestions on what would be good to discuss in stockholm for this project?
15:45:13 <pili> I'll take that as a no then... ;)
15:45:16 <syverson_> We have a (crappy) WebExtension already built to counter the tracking and censorship inherent in alt services
15:45:18 <pili> but feel free to suggest any to me if you think about it
15:45:27 <syverson_> would be happy to talk about that there.
15:45:38 <pili> sounds good!
15:45:53 <pili> a demo could be nice also :)
15:46:34 <syverson_> planning to do one at HotPETs if talk is accepted. Can certainly demo this and all other features of extension at tordev meeting too.
15:47:39 <pili> yeah, not sure how many of us will stick around for HotPETs unfortunately
15:48:03 <pili> ok, any other items or comments from anyone?
15:48:24 <syverson_> hence can demo at tordevmeeting too
15:49:47 <pili> great! :)
15:50:40 <pili> ok, no one seems to be very chatty today, so I think I will call the meeting over and give people 10 minutes back ;)
15:50:47 <pili> thanks everyone for joining!
15:50:54 <pili> #endmeeting