16:15:27 #startmeeting SoP-kernelcorn 16:15:27 Meeting started Tue Jun 23 16:15:27 2015 UTC. The chair is asn_. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:15:27 Useful Commands: #action #agreed #help #info #idea #link #topic. 16:15:33 ok 16:15:35 here we go 16:15:48 so repo is https://github.com/Jesse-V/OnioNS 16:16:01 i guess we should wait a bit for kernelcorn to do a status update 16:16:12 on things he has done, and things he will be doing short-=term 16:16:25 and what he needs from us if anything 16:16:32 i admit i still haven't reviewed his code at all 16:16:47 i was trying to wrap my head around how to test this whole system 16:16:52 so that i can test it while reviewing 16:16:57 but i have no idea how to test it. 16:18:21 hmm no recent commits, have you just not pushed recently? 16:18:25 (feature branches?) 16:18:34 https://github.com/Jesse-V/OnioNS/issues 16:19:16 ok, yes 16:20:04 that is the repo, https://github.com/Jesse-V/OnioNS/issues?q=is%3Aopen+is%3Aissue+milestone%3A0.3.x are the issues I'm working on atm in line for the next release 16:20:59 Yawning: I'm working locally, haven't pushed. 16:21:44 I've been tackling replacing std::cout with logging to a file, which involves changing std::cout in almost every file 16:21:55 ah I see 16:22:24 so it does not compile yet, and I have a policy to allow my commits to compile 16:22:50 ok 16:22:51 You are welcome to review the code, but I think it best if you wait until I finish a release, then you can check everything in conjunction with testing it 16:23:04 how do you test stuff? 16:24:16 I fire up my own network, which isn't too hard. In the last release, I used a single server, so it's a simple matter of firing up the server on a public-facing machine, then passing its IP to the client and HS functionality 16:24:38 do you have unit tests? 16:25:19 I have integration tests, but not unit tests, no. As you can see, there are tickets on them. 16:25:50 It's challenging to do unit tests for networking code, so I might have to resort to integration tests 16:26:27 as for progress, the essential functionality of the client, hidden service operator, and server are there 16:26:56 by 'server' you mean relay? 16:27:37 unit tests for netwokring code don't need to be so challenging. unit tests for functions that parse network data should exist, I think. 16:27:37 yes. Right now the server code does not run on Tor relays (it runs independently) so I felt "server" was the better term 16:27:42 ok 16:27:45 that's fine 16:28:14 when do you think the next release will be? 16:28:46 I'm trying to get it before PETS, but we'll see. I've been busy with a few other projects. 16:29:08 If you want to test the last release, I can fire up the server code and you could do that 16:29:33 i think testing is the first thing i'm going to do 16:29:36 this seems like too many LoCs to review. 16:29:41 in the short (and medium term) do you need anything from us? 16:29:46 Yawning, asn_, do you have an understanding of how the project works? 16:29:53 no, I think I've got it 16:29:59 65% understanding here. 16:30:02 beyond testing/reviw and that spec I need to write 16:30:13 at the HS meetings after PETS, I will discuss what changes I need from Tor. 16:30:42 I'm neither going to that or pets 16:30:52 but I will send my faithful minion asn 16:30:57 to act on my behalf 16:31:14 Mainly I need ed25519 keys or RSA keys for each Tor relay (nick is removing the rsa-1024 keys) 16:31:17 ok 16:31:18 :P 16:31:35 from every relay? 16:31:45 you can extract that out of the control port I think, if not, it'd be easy to add 16:32:41 the Tor consensus is a great PKI, everyone already has each other's keys. I need a key in order to sign the data structures in a way that everyone can verify 16:32:58 oh 16:33:06 signing with the id key, maybe not a good idea 16:33:09 hmm 16:33:26 I don't see a problem with that, that was my plan. We are moving to ed25519 anyway. 16:33:39 prolly cross certify a separate key with the id key 16:34:03 I can convert Curve25519 keys to Ed25519 and sign with those, but I have not seen any research that suggests that such a move is cryptographically secure 16:34:11 it's not 16:34:14 don't do that 16:34:21 yes 16:34:38 why not just assume everybody's got an ed25519 key? 16:34:39 Yawning: ideally yes, but I'm aiming for easy integration with Tor 16:34:43 so what I would suggest is, an ed25519 key, that's signed by the relay's long term id key 16:35:16 maybe I'm wearing too many tinfoil hats 16:35:40 Yawning: that requires a non-trivial amount of changes to relays, clients, and authorities. nickm, I was making that assumption because soon everyone will have ed25519 16:36:06 Yawning: there's nothing wrong with a medium-term signing key, that's a good idea, but it does require more work 16:36:19 there's already a medium term signing key in the architecture 16:36:22 you don't need to add one 16:36:26 for the authorities 16:36:53 (Is this where, look over prop 220 comes into play? :P) 16:37:22 yes 16:37:39 224 is related of course 16:38:02 asn_: would you like me to go over how the system works again? 16:38:19 we can do this in PETS 16:38:32 i think that's better 16:39:12 I agree 16:39:15 https://cheezburger.com/6591767040 16:39:24 ok, lemmie know if you need stuff 16:39:42 kernelcorn: that will be in less than week, so that's quite soon! 16:40:07 actually, right now I do need advice on how to integrate with the Tor Browser 16:40:11 hm 16:40:40 my goal for the next release is to launch the client-side software + a python script with the Tor Browser 16:41:04 I dunno how tor launcher works 16:41:17 and you will hate life integrating it into the build system 16:41:34 because testing gitian descriptor changes takes forever 16:41:48 https://github.com/Jesse-V/OnioNS/issues/27 16:42:23 hmm. Currently I'm requiring users to launch two terminal windows and run the software, that's not ideal 16:42:48 eventually tor will launch your thing, once an interface for doing so has been nailed down yes? 16:43:38 I'm envisioning telling the users to download the Tor Browser, then run a script that installs my software into their Tor Browser, enabling OnioNS 16:44:06 ah I see 16:44:18 Yawning: the two client-side applications ("onions --client" and "python client.py") need no interface 16:44:26 so I just need them to run in the background 16:45:03 currently I launch them from two terminals while the Tor Browser is running, but I would like to move away from that. 16:46:13 kernelcorn: might be worth dropping by a TBB meeting 16:46:19 mondays 16:46:24 and asking the TBB folks how you shoudl do this 16:46:26 at some stupid time for me 16:46:33 I'm confident that I can get the programs to autolaunch with the Tor Browser. There's the nice way and the hacky way of doing that. 16:46:34 (they're gonna say gitian) 16:46:53 https://github.com/Jesse-V/OnioNS/issues/27#issuecomment-114022073 16:48:04 shit delivery is here 16:48:14 got to go. will be back in 10 mins or so. 16:48:24 (do we have more specific stuff to cover?) 16:48:29 also, in your opinion, how many CPU hours would you consider a good cost to claim a domain name? 16:48:29 don't think so 16:48:30 not me at least 16:48:51 unless there's questions for me, I'm good 16:49:00 kernelcorn: hmmm 16:49:06 HS operators must perform computational work, which involves making signatures with their HS key 16:49:09 kernelcorn: 0 hours would be ideal i guess 16:49:14 but there is a security tradeoff here i guess 16:49:17 no, because then you have flooding 16:49:44 currently I was thinking that HS operators should get a domain after about four hours of CPU work on an i7 16:49:54 seems OK 16:49:59 i guess... 16:50:02 all the people that want to be evil will just throw a botnet or something at this anyway 16:50:19 pick something reasonalbe, and discuss later? 16:50:32 yes, or use the cloud, but they will then need to export their private key 16:50:46 ok, well I don't have anything else unless you have questions for me 16:50:54 so I think we may be done here 16:50:57 ok 16:51:02 #endmeeting