123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257 |
- WARNING!
- =======
- The following is a list of issues with GNUnet 0.11.0 that will need
- to be addressed before we might consider GNUnet deployable to larger
- audiences. Please keep this in mind when trying out GNUnet 0.11.0!
- GNUnet may however work fine for applications that aren't impeded by
- these known deficiencies. Help would of course be welcome to reduce
- this list, so an estimate of how much work is needed and the main
- impact are given with each item.
- ats:
- * We currently select one transport per peer, but we should allow the
- use of multiple channels concurrently (i.e. UDP + TCP at the same
- time). Neither ATS nor transport support this today, and this requires
- a major change in the ATS plugins and the ATS API and the overall
- ATS/transport logic. [6-12 PM, robustness, performance]
- * The current proportional ATS heuristic does not devalue increasing
- the number of connections once we have reached saturation point,
- possibly resulting in an excessive number of connections.
- [1-3 PM, performance]
- * The mlp/ril ATS heuristics are highly unstable and keep crashing or
- worse, and have horrific code quality. [3-12 PM, stability,
- performance]
- transport: [12-48 PM overall]
- * We should move plugins into separate processes to break an overly
- complicated subsystem into more manageable bits. [maintainability]
- * Transport plugins are currently expected to be bi-directional; the
- API should be changed to make them uni-directional, so we could have
- say UDP for sending but receive via say SMTP, simply because NAT
- punching and other transports (especially SAT) simply are not
- bi-directional. Fragmentation and ACKs should then not be done in UDP
- plugin but at transport level. This should result in significantly:
- - better NAT traversal
- - faster transports (especially with the multi-transport of ATS)
- - simplified transport plugins
- [stability, robustness, performance]
-
- * Transport currently does not encrypt. This has the disadvantage that
- TCP/UDP traffic is easily identified as "GNUnet"-traffic. It would be
- better to_also use a simple cipher (ECDHE+AEAD) in a plugin-specific
- way (i.e. HTTPS is fine already) to minimize information leakage, even
- if for efficiency that cipher is is not replay-protected at this level
- (and leave true replay-protected OTR to CORE). [privacy, censorship-resistance]
- * transport's 'manipulation' functions should be moved into
- a plugin-proxy, simplifying the code. This may have
- modest implications for testbed due to the API change.
- [maintainability, security]
- * testcases are plenty but insufficiently systematic, the changes
- described above should also enable us to create more systematic tests.
- [maintainability, correctness]
- hello:
- * The current code may leak LAN IPs (in particular IPv6 with
- MAC) globally. We have started to put in some provisions to tag
- addresses as loopback/LAN/WAN, but need to systematically ensure
- that addresses are only propagated in a useful scope and avoid
- leaking "sensitive" address data globally.
- [3-6 PM, privacy]
- core:
- * core needs to be able to communicate to other peers whether this
- peer is high-bandwidth or on battery and thus either great for
- relaying or really bad for relaying. Higher-level subsystems
- could then bias their peer selection to more capable peers --
- this is key for going on battery-operated systems.
- [1-3 PM, performance]
- * we currently use timestamps (based on roughly-synchronized clocks),
- challenge-response AND sequence numbers to protect against
- replay-protection. This is overkill, and the use of timestamps
- causes issues on OpenWRT where RTCs are often unavailable. We
- might want to increase the nonce for challenges and get rid of
- the roughly-synchronized clocks assumption, at least for CORE
- (we can't avoid it for NSE). [1-3 PM, usability]
- * once transport encrypts (ECDH+AES), we should simplify CORE level
- encryption to use ECDH+Twofish(+SHA512) instead of the current
- ECDH+AES+Twofish double-encryption.
- * Mobile peers currently allow adversaries to track their users as the
- peer's identity does not change with locations. We need a mechanism to
- notify a mobile peer about a location change and then systematically
- change the public key we use depending on our location. [6-12 PM,
- privacy]
- * Core should support protocol versioning for higher-level services
- [3 PM]
- cadet:
- * needs more systematic testing, ideally with a mock up of DHT
- and core. [6-12 PM, correctness]
- * flow and congestion control implementation remains incomplete;
- should borrow more from net2o [3-6 PM, performance]
- * Various optimizations, such as key material pre-computation
- and avoiding unnecessary DHT queries should be implemented.
- [3-9 PM, performance]
- * Once transport/core use AES/Twofish for encryption, we should
- switch CADET to use KECCAK-AEAD.
- * Generally needs more benchmarking to identify performance
- bottlenecks tune accordingly. [3-12 PM, performance]
- nat:
- * many known NAT traversal methods are not yet supported
- [6-12 PM, connectivity, usability]
- dv:
- * dv is still not working, but currently based on SET and we
- should simplify the design to not use SET. [3-6 PM, connectivity,
- correctness]
- util:
- * Event loop instantiations for various event loops (like glib,
- libev, libevent, etc.) should be created (and tested). This
- allows applications to be built with GNUnet using those various
- styles of event loop handling. General support for abstracting
- the event loop is new in 0.11.0, we just need to make broader use
- of it. [1-3 PM, performance, usability]
- * gnunet-service-resolver should use asynchronous DNS queries if
- available. This will ensure that name resolution is not super-slow
- when GNUnet makes various parallel DNS queries (rare, but DNS
- queries can happen to resolve peer IP addresses for visualization).
- [1 PM, performance, usability]
- dht:
- * various minor tweaks should be explored, but first we need to
- define and find a good benchmark to see where our performance
- bottlenecks really are today; datacache (IO subsystem) might
- be one of them. Here, picking appropriate transaction scopes
- and isolation levels should be an easy way to boost performance,
- but we also need more benchmarking logic. [3-12 PM, performance]
- set:
- * Current implementation is not yet Byzantine fault-tolerant
- against stuffing attack. [1-3 PM, fault-tolerance]
- topology:
- * quite a few different functions are squished together in one
- subsystem here, will require some changes to address changes
- to transport and hello discussed above [1-3 PM, correctness]
- * there are more robust known ways for maintaining a random mesh, we
- might want to explore using those [3-6 PM, robustness]
- fs:
- * The service should be split into two, one for user-specific and one
- for system-specific components [3-6 PM, security, usability]
- * Currently, data and files are stored in a disassociated way,
- resulting in search results that then fail to download; need OR/RPS
- (see below) before we can think about fixing this properly. [6-18 PM,
- usability]
- * datastore (IO subsystem) is bad at keeping the database within the
- quota set by the user. [1-3 PM, correctness]
- conversation:
- * dropping 'silence' on large-buffers during replay should be
- used to avoid accumulating latency (standard VoIP technique,
- crucial to get it to work for real calls) [1-3 PM, usability]
- * needs ring tones [1 PM, usability]
- gns:
- * should support hijacking arbitrary gtlds [1 PM, usability]
- * should import ".fr" ccTLD and ensure implementation performs [3-6 PM]
- multicast:
- * implementation currently "trivial" (aka doing round-robin, not multicast)
- and under-tested
- * still uses old NTR-style API, needs to transition to MQ API [DONE]
- psyc:
- * implementation under-tested, database performance likely in
- need for optimization [3-12 PM]
- social:
- * code in need for clean up and more systematic testing [6-12 PM]
- rps:
- * Open research, still experimental. [3-24 PM]
- xolotl/lake/or:
- * Open research, still non-existent. Symmetric cipher should
- be CHACHA. [48-120 PM]
- No serious problems are known in:
- * statistics
- * nse
- * curl
- * revocation
- * scalarproduct
- * tun
- * testbed
- * block
- * fragmentation
- * consensus
- * secretsharing
- * pt
- * vpn
- * gns
- * gnsrecord
- * arm
- * dns
- * exit
- * identity
- * json
- * sq
- * my
- * namecache
- * namestore
- * testing
- * hostlist
- * zonemaster
- We reserve judgement (due to lack of data) on:
- * reclaim
- * credential
- * abe
- * rest
- * messenger
|