#tor-dev log

13:29:24 <nickm> #startmeeting
13:29:24 <MeetBot> Meeting started Wed Sep 23 13:29:24 2015 UTC.  The chair is nickm. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:29:24 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
13:29:26 <nickm> good morning!
13:29:49 <nickm> I see yawning; anybody else here for our last tor dev irc meeting of the month?
13:30:39 <nickm> ok, could be a short meeting then
13:30:52 <Yawning> hi
13:30:59 <nickm> status: I'm scrambling to take care of everything that should get done before the dev meeting and for the 0.2.7.3-rc release
13:31:27 <nickm> I think we're in good shape for 0.2.7.3
13:31:37 <Yawning> do you still need help?
13:31:40 <nickm> though I wish we were a few weeks ahead
13:31:49 <Yawning> though tomorrow I have erands, and friday I travel :/
13:32:14 <nickm> I think I'm in a good place with this...
13:32:24 <Yawning> ok
13:32:59 <nickm> Also, isabela wrote up a triage thing for us and sent it to tor-dev... but I haven't seen it on tor-dev yet, and I think she's out of communication for a couple of days
13:33:40 <nickm> I've also been poking the list of proposals and trying to chop out ones that are seriously obsolete, superseded, or out of line for what we intend to develop
13:34:52 <nickm> (can anybody else find that email from isabela ?)
13:34:55 <Yawning> no
13:35:08 <nickm> I just checked moderation requests on the tor-dev list and found none :(
13:35:55 <nickm> We can probably start making a little progress by processing tickets without a milestone, doing an initial severity pass over the stuff in 0.2.8, etc
13:36:10 <Yawning> yeah
13:36:12 <nickm> Yawning: what have you been up to and can I help at all?
13:36:23 <Yawning> or just get a projector or whatever at the dev meeting and do it then
13:36:32 <Yawning> since we can also get the e-mail from isabela there
13:36:35 <nickm> true
13:36:39 <Yawning> I'm stuck in documentation hell
13:37:02 <Yawning> Writing about PTs that no one uses.
13:37:09 <nickm> hmmm.  % done?  Due when? Editing or writing? Can I help?
13:37:19 <Yawning> almost done, just need to do FTE
13:37:37 <Yawning> https://metrics.torproject.org/userstats-bridge-transport.html?graph=userstats-bridge-transport&start=2013-01-01&end=2015-09-21&transport=websocket
13:37:48 <nickm> woo
13:38:13 <Yawning> we can probably deprecat that and no one will complain
13:38:18 <Yawning> *deprecate
13:38:44 <nickm> that == FTE ?
13:38:50 <Yawning> though when it works, it actually does work
13:38:54 <Yawning> no, flashproxy
13:38:56 <nickm> ah
13:39:07 <Yawning> the thing no one uses because it requres clients to be able to lisen for incoming connections
13:39:16 <Yawning> (tor-fw-helper lol)
13:39:44 <Yawning> (not that many people use FTE either)
13:40:01 <Yawning> (we probably could tell the FTE users to switch to meek/obfs4)
13:40:08 <nickm> or ask them to try it
13:40:33 <Yawning> but finding one of the ~50-250 people that use fte
13:40:36 <Yawning> prolly difficult
13:40:41 <nickm> true
13:41:00 <Yawning> if we remove flashproxy + FTE we can stop shipping python in the bundle though
13:41:13 <Yawning> since everything else is go based these days
13:41:44 <Yawning> anyway, yeah, doing this, there is light at the end of the tunnel
13:41:55 <Yawning> that my long dead relatives are calling to me from
13:41:58 <Yawning> >.>
13:42:10 <nickm> after that, fun hacking I hope!
13:42:26 <Yawning> once this is done I will ignore the world and hack code for like... a few weeks
13:42:31 <nickm> cool
13:42:36 <nickm> what do you think you'll want to work on?
13:42:46 <Yawning> dunno, I'll decide when that gets there
13:43:01 <nickm> ok
13:43:27 <Yawning> can talk about it at the deve meeting
13:43:32 <Yawning> (that I'm also flipping out over)
13:43:35 <nickm> Good point.  So I guess we should also think about stuff we should have sessions for at the dev meeting.  I'm thining ticket triage, proposal triage.
13:43:57 <nickm> I think this will be the best dev meeting ever
13:44:10 <nickm> I hope everybody's travel goes well
13:44:50 <nickm> maybe think of stuff that we need proposals for
13:44:51 <Yawning> we should sit down and hammer out our PQ crypto plans
13:44:54 <nickm> yeah
13:45:11 <Yawning> at least "pq forward secure"
13:45:12 <nickm> for stuff we need proposals for I'm thinking: PQ crypto, removing old clients, wide-block crypto at last
13:45:15 <Yawning> no good signature algorithm yet
13:45:19 <Yawning> sphincs signatures/keys too big
13:45:33 <nickm> yeah but IMO forward-secrecy is the problem for now
13:45:39 <Yawning> agreed
13:45:52 <nickm> anybody who can do shor's algorithm would be an idiot to use it for forging Tor signatures
13:46:17 <nickm> though we could advance discussions on some of our draft-state hash- chaining proposals.
13:46:58 <Yawning> depends on how easy it is to do shor's
13:47:11 <Yawning> might have some spare machine time after taking over global finance
13:47:18 <nickm> make that, "Anybody who has a clandestine ability to do Shor's"
13:48:30 <nickm> oh, dumb question.  when evaluating whether to care about grover's algorithm against symmetric stuff, is it sufficient to just look at the key size, or is more analysis needed?
13:48:45 <Yawning> depends on the algorithm
13:49:00 <nickm> sounds like "more analysis needed" then
13:49:03 <Yawning> there's an attack against NTRU that uses Grover's for example
13:49:06 <nickm> huh
13:49:08 <nickm> interesting
13:49:15 <Yawning> hash drbg used as part of the key gen
13:49:22 <Yawning> ("oops", easy to fix)
13:49:25 <nickm> (should we call this meeting over and just talk about proposals we need?)
13:49:30 <Sebastian> I have a meeting point
13:49:33 <nickm> oh!
13:49:35 <nickm> hi Sebastian !
13:49:36 <Sebastian> if y'all don't mind
13:49:39 <Yawning> go for it
13:49:40 <nickm> please go for it
13:50:08 <Sebastian> I want to know if you will hate me if I tell arma and sina to "start fresh" with the identity key mappings between rsa and ed25159
13:50:16 <Sebastian> and if not, how do we best do that
13:50:29 <Sebastian> I haven't looked yet where it's stored
13:50:48 <nickm> stop authority.  Remove the file with "keypin" in its name.  Restart authority.
13:51:22 <Yawning> nickm: don't we just want to invalidate the pinnings for the 2 nodes?
13:51:29 <nickm> "key-pinning-journal"
13:51:35 <Sebastian> The reason to start fresh is that we haven't really communicated that this mapping will automatically happen, and it happened accidentally
13:51:55 <Yawning> yeah
13:51:58 <Sebastian> I'm thinking if this happened to moria1 and Faravahar, it maybe also happened to other relays
13:52:07 <Yawning> we have mappings for relays too
13:52:11 <Yawning> certainly
13:52:21 <nickm> i'm sure i said it someplace to somebody.  I can totally believe that I didn't say it loud or broadly enough. :)
13:52:35 <nickm> This whole keypinning thing seems potentially misdesigned.
13:52:54 <nickm> I wonder if we should just disable it for the first month or two of 0.2.7's lifecycle
13:52:59 <Sebastian> I wondered about that. It will be broken if the rsa key ever gets broken.
13:53:06 <nickm> this is more or less our last chance to do so.
13:54:11 <Sebastian> My vote would be in favor of not pinning for now
13:54:16 <Yawning> this sounds like a dev meeting topic
13:54:41 <nickm> I'm hoping 0.2.7.3-rc comes out before the dev meeting.
13:54:53 <Yawning> ah
13:54:54 <nickm> I think that disabling keypinning for a couple of months is fine and wise
13:55:23 <Yawning> probably yes
13:55:31 <virgil> is measurement meeting now or tomorrow?
13:55:40 <Sebastian> virgil: tomorrow
13:55:40 <nickm> opening a ticket, sigh
13:55:45 <virgil> k.
13:55:46 <nickm> anything else for this meeting? :)
13:55:57 <Sebastian> well, yes, thanks <3
13:56:06 <Sebastian> sorry for another ticket on the pile
13:56:23 <nickm> hey, the end goal is good software
13:56:33 <nickm> tickets aren't the problem, problems are the problem :)
13:56:38 <Sebastian> I know. This is harder to defer than many things :)
13:56:39 <Yawning> we're going to ship with stats right?
13:56:48 <nickm> looks like
13:56:51 <Yawning> despite the tinfoil hattery around R ?
13:56:52 <Yawning> k
13:57:07 <nickm> hey, let's be respectful to our skeptics
13:57:13 <nickm> they keep us transparent
13:57:18 <nickm> and honest
13:57:29 <Yawning> yeah, I'm wearing a  hat too
13:57:30 <nickm> nickm says '#endmeeting' in 3...2...
13:57:41 <nickm> #endmeeting