#tor-meeting log

15:01:49 <pili> #startmeeting S27 04/02
15:01:49 <MeetBot> Meeting started Tue Apr  2 15:01:49 2019 UTC.  The chair is pili. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:01:49 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:02:01 <pili> who else is here?
15:02:05 <GeKo> <-
15:02:47 * mcs is also here
15:03:06 <asn> anto is giving a talk so she won't be around
15:03:12 <asn> david is away
15:03:18 <asn> i guess we all here?
15:03:22 <pili> gaba?
15:03:25 <T_> Hello all. Happy to be here again.
15:03:50 <asn> btw who is gonna be the PM? both you and gaba?
15:04:00 <gaba> hey
15:04:01 <asn> double PM action?
15:04:08 <pili> not sure we haven't really discussed :D
15:04:08 <gaba> lol
15:04:09 <asn> T_: o/
15:04:15 <asn> ok
15:04:22 <asn> sounds good to me
15:04:42 <pili> my feeling is that we will both do it but concentrating on our team's deliverables
15:04:47 <pili> but I'm open to other ideas :)
15:04:48 <asn> ah
15:04:54 <asn> ok makes sense
15:05:23 <asn> ok so what we doing?
15:05:26 <asn> we did a pretty good pre-meeting
15:05:32 <pili> so, the pad is here:  https://storm.torproject.org/shared/SVpfhg7GIEttH2rgwCYrA-JfXdD-a5MZYxe3-btlutV
15:05:46 <pili> everyone's done a great job of doing some initial triaging
15:05:52 <pili> now we need to start adding some dates
15:06:11 <pili> just for background, so everyone is aware, we can invoice for deliverables as we complete them
15:06:13 <asn> oh like actual roadmapping
15:06:21 <pili> and we have to write montly reports on the work that we are doing towards the deliverables
15:06:31 <asn> ok
15:06:49 <gaba> in the network team side we need to look a little at capacity to be able to get dates on tickets
15:06:58 <pili> maybe we don't need to map out the whole roadmap today, but would be good to have an idea of what we can work on in the next 3 months (for example)
15:07:03 <asn> right. im still assigned for s31 stuff for this month.
15:07:46 <gaba> asn: i need to look at that and then we need to talk on how to clon you :P
15:08:17 <asn> ok if i can keep both pieces after the sponsor is done.
15:08:22 <pili> ok, so maybe the first question is how likely is it that there will be any work on deliverables done this month :)
15:08:34 <asn> pili: if i'm not on s31 there will be work from me
15:08:49 <asn> i think for network-team we should start with O1A1.1 and O1A2
15:08:59 <asn> for the first 3 months
15:09:08 <pili> ok
15:09:12 <asn> and leave O1A1.2 (onionbalance) for later
15:09:27 <asn> because for onionbalance we know how to do it. we have plans. we just need to do them.
15:09:40 <asn> for O1A1.1 and O1A2 we still need to figure out stuff, like debug etc.
15:09:44 <GeKo> asn: we should figure out where we are blocked on you
15:09:47 <gaba> it makes sense
15:09:48 <GeKo> and take that into account
15:09:49 <asn> GeKo: yes!
15:10:09 <GeKo> for instance we probably can't work on o2a2
15:10:20 <GeKo> until things are fixed in core tor
15:10:39 <asn> should we discuss this now?
15:10:42 <asn> (im fine with discussing it now)
15:10:45 <pili> I think so
15:10:47 <GeKo> not necessarily
15:10:52 <asn> ok
15:11:01 <asn> so there will need to be some net-team guidance on all the obj2 deliverables
15:11:11 <GeKo> yes
15:11:14 <pili> well, we know that if we're reliant on o2a2 and the network team won't work on that in the first 3 months we also can't
15:11:21 <pili> we = browser-team
15:11:22 <GeKo> yes
15:11:29 <asn> right
15:11:30 <pili> so what can we do instead
15:11:33 <GeKo> i am fine with that fwiw
15:11:37 <asn> but another approach would be for net-team to de-block the tbb team asap
15:11:40 <pili> right
15:11:46 <GeKo> asn: yep
15:11:48 <asn> so that tbb team can race forward
15:12:17 <asn> so perhaps until dgoulet comes back i can work on obj2?
15:12:20 <pili> asn: any reason why net team can't start on that?
15:12:23 <pili> ok, sounds like a plan
15:12:25 <asn> pili: we can def start with that
15:12:42 <pili> great!
15:12:47 <GeKo> there might be as well things needed for good alt-svc support
15:12:50 <asn> one argument for starting O1A2 soon would be because there is a DoS happening right now, so extracting as much info as possible right now, would be a good thing
15:12:51 <GeKo> o2a3
15:13:02 <asn> GeKo: ye
15:13:18 <asn> should we go through all the obj2 deliverables?
15:13:22 <asn> from top to bottom?
15:13:27 <asn> and see what is needed from net team?
15:13:29 <GeKo> sure
15:13:36 <asn> ok great
15:13:43 <asn> is this a good thing to do now?
15:13:44 <GeKo> i think we are good re o2a1
15:14:02 <pili> yup
15:14:04 <asn> ok
15:14:07 <pili> asn: let's do it
15:14:16 <asn> ok so o2a1
15:14:25 <asn> yes i think if you manage to get v3 client auth working
15:14:29 <asn> you should be able to do everything
15:14:45 <GeKo> yes
15:14:50 <asn> and use the net-team for questions when you fail to get v3 client auth working
15:15:01 <asn> it's heavily underdocumented and potentially buggy
15:15:07 <asn> due to its underutilization
15:15:09 <GeKo> i mean all the v3 client auth things should be there though
15:15:12 <GeKo> afaict
15:15:15 <asn> yes
15:15:19 <asn> they are implemented
15:15:22 <GeKo> good
15:15:39 <asn> ok
15:15:42 <asn> onwards
15:15:44 <asn> o2a2
15:15:57 <asn> 15:11 < pili> well, we know that if we're reliant on o2a2 and the network team won't work on that in the first 3 months we also can't
15:16:00 <GeKo> we are blocked here if we go with the strategy in the bug
15:16:09 <asn> let me see the bug
15:16:12 <GeKo> *outlined in the bug
15:16:42 <pili> 23545 ?
15:16:45 <pili> #23545 rather
15:16:54 <asn> yes
15:17:06 <asn> ok so the plan is for tor to do the checking and inform tbb
15:17:10 <GeKo> yes
15:17:19 <GeKo> i think that's still a good ida
15:17:22 <asn> ok so there is some work to be done here
15:17:22 <GeKo> *idea
15:17:27 <asn> im not sure how to inform tbb
15:17:32 <asn> and it seems like that's where the thing is blocked
15:17:38 <asn> doing the actual check is not so hard
15:18:00 <asn> ok there is a bit of an interface thing to figure out
15:18:07 <GeKo> yep
15:18:08 <asn> and then the implementation should be "straightforward"
15:18:15 <asn> i think this might be 3 points for the net-team
15:18:31 <asn> and a bit of discussion with you guys to figure out the ideal interface
15:18:41 <GeKo> agreed
15:18:43 <pili> so, do we want to discuss the interface now?
15:18:44 <pili> or leave that for another time/meeting?
15:18:48 <asn> leave it for anothe rtime
15:18:49 <asn> i'd say
15:18:51 <mcs> Roughly what unit corresponds to one point?
15:18:52 <GeKo> leave that for another time
15:18:53 <pili> ok, works for me
15:18:57 <asn> mcs: day
15:19:06 <mcs> asn: thx (that was my guess)
15:19:15 <asn> ok so we can continue discussion over trac
15:19:22 <pili> asn: +1
15:19:32 <asn> onwards to o2a3?
15:19:38 <GeKo> yup
15:19:43 <pili> yup
15:20:02 <asn> ok so there is some alt-svc stuff to be done there
15:20:05 <asn> this is pure tbb-team
15:20:15 <asn> e.g. prioritize onions and display circuit
15:20:32 <asn> and by tbb-team i mean also UX team :)
15:20:37 * asn imbecile
15:20:41 <GeKo> yep. you might want to update your onion-location proposal as well
15:20:50 <asn> right and then we have the onion-location thing
15:20:55 <asn> which we....probably want to do?
15:21:04 <GeKo> i think so
15:21:23 <asn> along with the onion-locationm thing, there are various UX improvements that anto has been thining about
15:21:30 <asn> on how to ask the user, etc.
15:21:34 <GeKo> yup
15:21:40 <asn> and potentially some of these UX improvements should also be done in alt-svc?
15:21:47 <asn> not the ask thing, but maybe something to inform of the redirection
15:21:50 <asn> dunno
15:21:57 <pili> so... any dependencies on net-team here though?
15:22:24 <GeKo> yes, probably some alt-svc work
15:22:35 <GeKo> and the onion-location proposal
15:22:39 <GeKo> but not that much
15:22:44 <GeKo> and we could start working on stuff
15:22:45 <asn> what happens if tbb-team inherits onion-location proposal?
15:22:46 <pili> for the UX improvements the UX team needs guidance from tbb team also on what can be implemented
15:22:56 <pili> i.e what is a -must from the tbb side
15:22:59 <GeKo> asn: we could do that
15:23:13 <asn> what alt-svc work is related to net-team?
15:23:43 <GeKo> i heard cf had maybe some bugs that we need to fix in order to provide a good experience?
15:23:48 <asn> oh
15:23:52 <asn> hmm
15:23:54 <asn> they are not -musted
15:24:06 <asn> is it the prioritize thing?
15:24:07 <asn> hm
15:24:08 <pili> do we have a list of those bugs?
15:24:21 <asn> brb 2 mins phone sorry
15:24:44 <pili> (let me try to see if I can find out myself)
15:25:10 <GeKo> asn: we might be able to do our work without those things fixed
15:25:15 <GeKo> but i am not sure yet
15:25:35 <GeKo> there is a "optimally support this experience" item :)
15:25:47 <GeKo> which seems to set the bar high
15:26:25 <asn> back
15:26:28 <asn> hm
15:26:32 <GeKo> it could be, though, that those alt-svc things are not client facing
15:26:45 <GeKo> and then we would not need them
15:26:50 <GeKo> but i am not sure here either
15:26:50 <asn> is there a ticket?
15:26:59 <pili> I'm trying to find something
15:27:12 <GeKo> i did not file any
15:27:44 <GeKo> if nothing jumps out right now i am fine keeping this just in mind
15:28:00 <GeKo> and start doing things here if we suddenly need to
15:28:00 <asn> right
15:28:03 <asn> ok
15:28:04 <asn> sounds good
15:28:14 <asn> perhaps you can shoot an email to fb/cf? :)
15:28:20 <asn> or i can do it
15:28:21 <pili> yeah, I can't find anything
15:28:26 <asn> also will shackleton is using alt-svc
15:28:33 <asn> and he is on top of his game, so maybe he knows what's up
15:28:42 <pili> maybe there's something in the mexico notes
15:29:31 <pili> ok, shall we move on for now?
15:29:32 <asn> maybe https://twitter.com/arthuredelstein/status/1042194259368013825 ?
15:29:34 <asn> dunno
15:29:49 <asn> ok let's move on
15:29:52 <asn> and have this in mind
15:30:00 <pili> it seems like the tor browser team can start work on this independently of network team
15:30:05 <asn> should i assume that net-team is not gonna be needed here, except for reviewing proposals etc.?
15:30:10 <GeKo> asn: i think that#s on our radar
15:30:19 <GeKo> asn: i think that's okay for now
15:30:20 <asn> ok great
15:30:24 <asn> let me know if something changes
15:30:44 <pili> o2a4
15:30:51 <asn> ok o2a4
15:31:21 <asn> ok so o2a4 is 3 pretty random tickets
15:31:37 <GeKo> we might need better error messages from tor's side for onion service issues
15:31:40 <asn> #19251 is very UX-heavy and a bit of tbb
15:31:42 <asn> GeKo: riiight
15:31:53 <GeKo> but that's allfor the ticket it hink
15:32:01 <asn> well there is also some ssl stuff
15:32:04 <asn> as -must
15:32:08 <asn> #27636.onion indicator for non-self-signed but non-trusted sites
15:32:12 <asn> #13410: Disable self-signed certificate warnings when visiting .onion sites
15:32:14 <GeKo> (wrt network-team blocking)
15:32:15 <asn> ah right
15:32:20 <asn> ok yes
15:32:47 <GeKo> i remember talking to dgoulet about that in rome and iirc we came up with some ideas
15:33:00 <asn> ok right now i dont know if tor exposes enough info to debug failed conns
15:33:42 <asn> e.g. figure out whether the issue is in the hsdir side, the intro side, the rend side, etc.
15:33:53 <asn> we should figure out the interface we want here (i.e. the errors we want to show)
15:33:58 <asn> and then see if we can derive them somehow
15:33:59 <pili> so, we need better error messages from tor to surface to the user in a friendly manner?
15:34:03 <asn> yeah
15:34:08 <GeKo> yes
15:34:14 <pili> and the browser team is potentially blocked on that
15:34:15 <pili> ok
15:34:20 <asn> ok there is a bit of blockage here
15:34:22 <GeKo> just that part
15:34:27 <asn> how much blockage depends on what is needed to surface
15:34:34 <asn> ideally we should surface as much as possible
15:34:42 <asn> so that the error can be helpful
15:35:09 <asn> ok let's assume some blockage here. 3 points again.
15:35:17 <asn> i will start by thinking about the interface
15:35:22 <asn> and see how much info is exposed
15:35:25 <asn> and then we can discuss what is needed
15:35:49 <asn> i dont even know how these errors are currently propagated so i will need a bit of discussion with the browser team to figure this out
15:36:10 <GeKo> wfm
15:36:17 <asn> ok great
15:36:20 <pili> anything else on this?
15:36:31 <asn> nzh
15:36:32 <asn> nah
15:36:43 <pili> last one then o2a5 :)
15:36:45 <asn> ok great
15:36:48 <asn> this one is a bit more involved
15:37:22 <asn> hmmm
15:37:35 <asn> so we need to start this by getting in touch with bill from eff, and jenn from securedrop
15:37:38 <pili> we should break it down a lot
15:37:41 <asn> right
15:37:41 <GeKo> the question is who is working on the https-e changes
15:37:41 <asn> yes
15:37:48 <asn> yeah
15:37:52 <asn> and what are the https-e changes
15:37:56 <asn> because it's likely that there are not many
15:37:57 <GeKo> yep
15:38:06 <asn> i think https-e already supports onions in its backend
15:38:10 <asn> so the changes are mainly gonna be UX/UI
15:38:28 <asn> that is, UI changes to make it clear what's going on and assist the community into developing rulesets and whatnot
15:38:43 <pili> this sounds like something we will probably not work on in the first 3 months though, other than getting in touch with bill and jenn to start coordinating work
15:38:44 <GeKo> yep
15:38:49 <asn> pili: right
15:39:00 <asn> getting the conversation going during the first 3 months is useful tho
15:39:06 <pili> asn: yup, definitely
15:39:19 <pili> we should get in touch asap
15:39:28 <asn> ok i can do that
15:39:46 <asn> i can get these emails flying this month
15:39:52 <pili> asn: great
15:39:53 <GeKo> thx
15:40:10 <asn> and that's the whole game
15:40:23 <mcs> maybe there should be an email list where the HTTS-E discussions take place?
15:40:29 <mcs> or maybe we can use an existing list
15:40:33 <asn> existing list i'd say
15:40:40 <asn> maybe tor-dev? maybe https-e?
15:40:41 <asn> maybe tor-onions?
15:40:43 <asn> we have a few
15:40:59 <pili> so, looking back on the discussion above, it seems like the most helpful thing for the network team to unblock for us first would be o2a2
15:41:08 <asn> right
15:41:16 <pili> with the others being less critical as we can both work independently on some aspects of it
15:41:21 <asn> until david comes back i can work on o2a2 o2a4 and o2a5
15:41:38 <asn> assuming i dont have s31 stuff to do
15:41:51 <asn> if i have s31 stuff to do i will still try to be useful on o2a2
15:41:54 <pili> I think it's probably ok to just concentrate on o2a2 for april
15:42:03 <asn> aight
15:42:04 <pili> and not impact your s31 stuff, but gaba can comment further on that :)
15:42:13 <asn> kk
15:42:44 <pili> GeKo: does that work for the browser team?
15:43:21 <GeKo> you mean working on o2a2 in april?
15:43:33 <GeKo> or that the network-team is working on that in april?
15:44:04 <pili> that the network team is working on that and also what we can work on for S27 in April
15:44:25 <GeKo> we can work on it as soon as tor browser 8.5 is out
15:44:26 <pili> I don't see any S27 tickets for April for browser team atm
15:44:41 <pili> ok
15:44:52 <GeKo> or pmore precisely as soon someone who is supposed to work on s27 is not blocked on 8.5 tasks anymore
15:45:13 <GeKo> so, i think, yes, working on s27 in april is doable
15:45:32 <GeKo> i am not sure yet we should start with o2a2, though apart from helping the network team helping us
15:46:09 <pili> GeKo: yup, that's fine, probably makes sense to work on other S27 tickets until we're no longer blocked on network team
15:46:11 <GeKo> i am inclined to just go ahead with o2a1 and get this done before we need to switch to esr transition work
15:46:21 <pili> ok, cool
15:46:30 <GeKo> as this has been a long-standing request
15:46:35 <GeKo> and is nice and self-contained
15:46:42 <pili> we need to do some estimation on that, which I'm super behind on :/
15:46:57 <asn> i wonder if o2a1 will require net-team work to inform that a website needs client auth
15:47:18 <GeKo> we'll find out soon enough i guess :)
15:47:19 <asn> i remember this was an issue with the v2 design that arthur was trying to do
15:47:28 <asn> ack
15:47:41 <pili> GeKo: for o2a1 I assume we'll also need to have an onion service with client auth to test against
15:47:58 <pili> and this will involve some work on our side if we don't have it already
15:48:01 <GeKo> yes, but that's not that hard to set up
15:48:16 <pili> ok, cool
15:48:42 <pili> what else?
15:48:57 <asn> if we are done with objectivs and activities for now
15:49:00 <asn> we can discuss the next meeting
15:49:30 <asn> i'd suggest we do another meeting next week so that antonela is also present, and then skip it for two weks until the end of april so that david is also present
15:49:40 <GeKo> sounds good
15:49:43 <pili> +1
15:49:48 <asn> because we have figured out interactions between net team and tbb team
15:49:51 <pili> I think GeKo and I will also be afk anyway
15:49:52 <T_> +1
15:49:54 <asn> but we have not figured out interactions of ux team
15:50:11 <pili> so, I spoke with antonela and she's happy to follow browser team lead on this
15:50:26 <pili> i.e whatever the browser team is ready to implement we can work on also
15:50:43 <pili> (if that makes sense)
15:50:46 <GeKo> it does :)
15:50:47 <pili> as in, there's no point in UX team working on something if there's no one to implement on browser side
15:51:00 <pili> cool
15:51:04 <asn> what do you mean?
15:51:35 <GeKo> anto is picking up the stuff that the browser team picks up first
15:51:57 <pili> also, UX team will need guidance from browser team on what are s27-must tickets for UX team
15:51:58 <asn> IMO there is some discussion to happen about the UX side of all the o2 activities
15:52:13 <GeKo> yes, that's true
15:52:43 <pili> ok, let me flip this around then, is there any network team activity that requires UX team input?
15:52:43 <GeKo> but the point was regarding when things get done ux will follow browser
15:52:45 <asn> so ideally the plan should allow some time for discussion with the UX team before plugging it into the tbb
15:53:00 <asn> pili: no
15:53:01 <GeKo> *when* i meant
15:53:12 <GeKo> asn: yes, that will def happen
15:53:19 <asn> ok great
15:53:54 <asn> sounds good then
15:55:05 <asn> i guess we done here for this week?
15:55:18 <pili> ok, going back quickly to meeting schedule, next one would be on 04/09 and the following one on 23rd? or 30th April
15:55:29 <asn> sonds good
15:55:33 <asn> 23rd might work for david
15:55:34 <pili> also, next week is the monthly Mozilla sync at the same time
15:55:39 <pili> so we will need to move it...
15:55:46 <asn> aight
15:55:51 <asn> put it an hour later?
15:55:52 <asn> 16:00UTC?
15:55:55 <pili> (at least according to my calendar)
15:56:06 <pili> GeKo: is that what you have also?
15:56:39 <GeKo> hm
15:56:42 <pili> an hour later wfm but we should check with gaba also and antonela
15:56:43 <pili> and GeKo :D
15:56:55 <GeKo> 1600utc does not work for me very well
15:56:59 <asn> aight
15:57:07 <pili> I will send out a doodle
15:57:17 <pili> I think that will be easiest (hopefully)
15:57:24 <asn> maybe we can do it wednesday 15:00UTC?
15:57:24 <GeKo> i don't have a calendar, so not sure if that's at the sane time :)
15:57:31 <asn> same time as today but +1 day
15:57:34 <GeKo> *same
15:57:43 * asn trying to avoid the doodle tax
15:57:56 <pili> gaba and I can't do that :(
15:57:59 <asn> ack
15:58:02 <asn> ok doodle it is XD
15:58:11 <pili> sorry, I hate the doodle tax also
15:58:50 <pili> ok any last comments?
15:59:00 <GeKo> i am fine
15:59:11 <asn> me too
15:59:13 <gaba> thanks
15:59:14 <asn> thanks for the comment
15:59:15 <asn> was very good
15:59:19 <asn> ehm
15:59:22 <asn> comment -> meeting
15:59:23 <T_> Thanks all.
15:59:24 <asn> sorry brain fried
15:59:27 <pili> lol, thanks everyone
15:59:30 <pili> #endmeeting