Home Explore Help
Sign In
OWEALs
/
gnunet
mirror of https://gnunet.org/git/gnunet.git
2
0
Fork 0
Files Issues 0 Wiki
Branch: master
Branches Tags
gnunet
/
README.1st

README.1st 8.2 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257 
  1. WARNING!
    2. 

  2. =======
    3. 

  3. 

  4. The following is a list of issues with GNUnet 0.11.0 that will need
    5. 

  5. to be addressed before we might consider GNUnet deployable to larger
    6. 

  6. audiences. Please keep this in mind when trying out GNUnet 0.11.0!
    7. 

  7. 

  8. GNUnet may however work fine for applications that aren't impeded by
    9. 

  9. these known deficiencies. Help would of course be welcome to reduce
    10. 

  10. this list, so an estimate of how much work is needed and the main 
    11. 

  11. impact are given with each item.
    12. 

  12. 

  13. 

  14. ats:
    15. 

  15. * We currently select one transport per peer, but we should allow the
    16. 

  16. use of multiple channels concurrently (e.g. UDP + TCP at the same
    17. 

  17. time). Neither ATS nor transport support this today, and this requires
    18. 

  18. a major change in the ATS plugins and the ATS API and the overall
    19. 

  19. ATS/transport logic. [6-12 PM, robustness, performance]
    20. 

  20. 

  21. * The current proportional ATS heuristic does not devalue increasing
    22. 

  22. the number of connections once we have reached saturation point,
    23. 

  23. possibly resulting in an excessive number of connections.
    24. 

  24. [1-3 PM, performance]
    25. 

  25. 

  26. * The mlp/ril ATS heuristics are highly unstable and keep crashing or
    27. 

  27. worse, and have horrific code quality. [3-12 PM, stability,
    28. 

  28. performance]
    29. 

  29. 

  30. 

  31. transport: [12-48 PM overall]
    32. 

  32. * We should move plugins into separate processes to break an overly
    33. 

  33. complicated subsystem into more manageable bits. [maintainability]
    34. 

  34. 

  35. * Transport plugins are currently expected to be bi-directional; the
    36. 

  36. API should be changed to make them uni-directional, so we could have
    37. 

  37. say UDP for sending but receive via say SMTP, simply because NAT
    38. 

  38. punching and other transports (especially SAT) simply are not
    39. 

  39. bi-directional. Fragmentation and ACKs should then not be done in UDP
    40. 

  40. plugin but at transport level.  This should result in significantly:
    41. 

  41. - better NAT traversal
    42. 

  42. - faster transports (especially with the multi-transport of ATS)
    43. 

  43. - simplified transport plugins
    44. 

  44. [stability, robustness, performance]
    45. 

  45.  
    46. 

  46. * Transport currently does not encrypt. This has the disadvantage that
    47. 

  47. TCP/UDP traffic is easily identified as "GNUnet"-traffic.  It would be
    48. 

  48. better to_also use a simple cipher (ECDHE+AEAD) in a plugin-specific
    49. 

  49. way (i.e. HTTPS is fine already) to minimize information leakage, even
    50. 

  50. if for efficiency that cipher is is not replay-protected at this level
    51. 

  51. (and leave true replay-protected OTR to CORE). [privacy, censorship-resistance]
    52. 

  52. 

  53. * transport's 'manipulation' functions should be moved into
    54. 

  54. a plugin-proxy, simplifying the code. This may have
    55. 

  55. modest implications for testbed due to the API change.
    56. 

  56. [maintainability, security]
    57. 

  57. 

  58. * testcases are plenty but insufficiently systematic, the changes
    59. 

  59. described above should also enable us to create more systematic tests.
    60. 

  60. [maintainability, correctness]
    61. 

  61. 

  62. 

  63. hello:
    64. 

  64. * The current code may leak LAN IPs (in particular IPv6 with
    65. 

  65. MAC) globally. We have started to put in some provisions to tag
    66. 

  66. addresses as loopback/LAN/WAN, but need to systematically ensure
    67. 

  67. that addresses are only propagated in a useful scope and avoid
    68. 

  68. leaking "sensitive" address data globally.
    69. 

  69. [3-6 PM, privacy]
    70. 

  70. 

  71. 

  72. core:
    73. 

  73. * core needs to be able to communicate to other peers whether this
    74. 

  74. peer is high-bandwidth or on battery and thus either great for
    75. 

  75. relaying or really bad for relaying. Higher-level subsystems
    76. 

  76. could then bias their peer selection to more capable peers --
    77. 

  77. this is key for going on battery-operated systems.
    78. 

  78. [1-3 PM, performance]
    79. 

  79. 

  80. * we currently use timestamps (based on roughly-synchronized clocks),
    81. 

  81. challenge-response AND sequence numbers to protect against
    82. 

  82. replay-protection. This is overkill, and the use of timestamps
    83. 

  83. causes issues on OpenWRT where RTCs are often unavailable. We
    84. 

  84. might want to increase the nonce for challenges and get rid of
    85. 

  85. the roughly-synchronized clocks assumption, at least for CORE
    86. 

  86. (we can't avoid it for NSE). [1-3 PM, usability]
    87. 

  87. 

  88. * once transport encrypts (ECDH+AES), we should simplify CORE level
    89. 

  89. encryption to use ECDH+Twofish(+SHA512) instead of the current
    90. 

  90. ECDH+AES+Twofish double-encryption.
    91. 

  91. 

  92. * Mobile peers currently allow adversaries to track their users as the
    93. 

  93. peer's identity does not change with locations. We need a mechanism to
    94. 

  94. notify a mobile peer about a location change and then systematically
    95. 

  95. change the public key we use depending on our location. [6-12 PM,
    96. 

  96. privacy]
    97. 

  97. 

  98. * Core should support protocol versioning for higher-level services
    99. 

  99. [3 PM]
    100. 

  100. 

  101. 

  102. cadet:
    103. 

  103. * needs more systematic testing, ideally with a mock up of DHT
    104. 

  104. and core. [6-12 PM, correctness]
    105. 

  105. 

  106. * flow and congestion control implementation remains incomplete;
    107. 

  107. should borrow more from net2o [3-6 PM, performance]
    108. 

  108. 

  109. * Various optimizations, such as key material pre-computation
    110. 

  110. and avoiding unnecessary DHT queries should be implemented.
    111. 

  111. [3-9 PM, performance]
    112. 

  112. 

  113. * Once transport/core use AES/Twofish for encryption, we should
    114. 

  114. switch CADET to use KECCAK-AEAD.
    115. 

  115. 

  116. * Generally needs more benchmarking to identify performance
    117. 

  117. bottlenecks tune accordingly. [3-12 PM, performance]
    118. 

  118. 

  119. 

  120. nat:
    121. 

  121. * many known NAT traversal methods are not yet supported
    122. 

  122. [6-12 PM, connectivity, usability]
    123. 

  123. 

  124. 

  125. dv:
    126. 

  126. * dv is still not working, but currently based on SET and we
    127. 

  127. should simplify the design to not use SET. [3-6 PM, connectivity,
    128. 

  128. correctness]
    129. 

  129. 

  130. 

  131. util:
    132. 

  132. * Event loop instantiations for various event loops (like glib,
    133. 

  133. libev, libevent, etc.) should be created (and tested).  This
    134. 

  134. allows applications to be built with GNUnet using those various
    135. 

  135. styles of event loop handling.  General support for abstracting
    136. 

  136. the event loop is new in 0.11.0, we just need to make broader use
    137. 

  137. of it. [1-3 PM, performance, usability]
    138. 

  138. 

  139. * gnunet-service-resolver should use asynchronous DNS queries if
    140. 

  140. available.  This will ensure that name resolution is not super-slow
    141. 

  141. when GNUnet makes various parallel DNS queries (rare, but DNS
    142. 

  142. queries can happen to resolve peer IP addresses for visualization).
    143. 

  143. [1 PM, performance, usability]
    144. 

  144. 

  145. 

  146. dht:
    147. 

  147. * various minor tweaks should be explored, but first we need to
    148. 

  148. define and find a good benchmark to see where our performance
    149. 

  149. bottlenecks really are today; datacache (IO subsystem) might
    150. 

  150. be one of them.  Here, picking appropriate transaction scopes
    151. 

  151. and isolation levels should be an easy way to boost performance,
    152. 

  152. but we also need more benchmarking logic. [3-12 PM, performance]
    153. 

  153. 

  154. 

  155. set:
    156. 

  156. * Current implementation is not yet Byzantine fault-tolerant
    157. 

  157. against stuffing attack.  [1-3 PM, fault-tolerance]
    158. 

  158. 

  159. 

  160. topology:
    161. 

  161. * quite a few different functions are squished together in one
    162. 

  162. subsystem here, will require some changes to address changes
    163. 

  163. to transport and hello discussed above [1-3 PM, correctness]
    164. 

  164. 

  165. * there are more robust known ways for maintaining a random mesh, we
    166. 

  166. might want to explore using those [3-6 PM, robustness]
    167. 

  167. 

  168. 

  169. fs:
    170. 

  170. * The service should be split into two, one for user-specific and one
    171. 

  171. for system-specific components [3-6 PM, security, usability]
    172. 

  172. 

  173. * Currently, data and files are stored in a disassociated way,
    174. 

  174. resulting in search results that then fail to download; need OR/RPS
    175. 

  175. (see below) before we can think about fixing this properly. [6-18 PM,
    176. 

  176. usability]
    177. 

  177. 

  178. * datastore (IO subsystem) is bad at keeping the database within the
    179. 

  179.   quota set by the user. [1-3 PM, correctness]
    180. 

  180. 

  181. 

  182. conversation:
    183. 

  183. * dropping 'silence' on large-buffers during replay should be
    184. 

  184. used to avoid accumulating latency (standard VoIP technique,
    185. 

  185. crucial to get it to work for real calls) [1-3 PM, usability]
    186. 

  186. 

  187. * needs ring tones [1 PM, usability]
    188. 

  188. 

  189. 

  190. gns:
    191. 

  191. * should support hijacking arbitrary gtlds [1 PM, usability]
    192. 

  192. 

  193. * should import ".fr" ccTLD and ensure implementation performs [3-6 PM]
    194. 

  194. 

  195. 

  196. multicast:
    197. 

  197. * implementation currently "trivial" (aka doing round-robin, not multicast)
    198. 

  198.   and under-tested
    199. 

  199. 

  200. * still uses old NTR-style API, needs to transition to MQ API [DONE]
    201. 

  201. 

  202. 

  203. psyc:
    204. 

  204. * implementation under-tested, database performance likely in
    205. 

  205. need for optimization [3-12 PM]
    206. 

  206. 

  207. 

  208. social:
    209. 

  209. * code in need for clean up and more systematic testing [6-12 PM]
    210. 

  210. 

  211. 

  212. rps:
    213. 

  213. * Open research, still experimental. [3-24 PM]
    214. 

  214. 

  215. 

  216. xolotl/lake/or:
    217. 

  217. * Open research, still non-existent. Symmetric cipher should
    218. 

  218. be CHACHA. [48-120 PM]
    219. 

  219. 

  220. 

  221. No serious problems are known in:
    222. 

  222. * statistics
    223. 

  223. * nse
    224. 

  224. * curl
    225. 

  225. * revocation
    226. 

  226. * scalarproduct
    227. 

  227. * tun
    228. 

  228. * testbed
    229. 

  229. * block
    230. 

  230. * fragmentation
    231. 

  231. * consensus
    232. 

  232. * secretsharing
    233. 

  233. * pt
    234. 

  234. * vpn
    235. 

  235. * gns
    236. 

  236. * gnsrecord
    237. 

  237. * arm
    238. 

  238. * dns
    239. 

  239. * exit
    240. 

  240. * identity
    241. 

  241. * json
    242. 

  242. * sq
    243. 

  243. * my
    244. 

  244. * namecache
    245. 

  245. * namestore
    246. 

  246. * testing
    247. 

  247. * hostlist
    248. 

  248. * zonemaster
    249. 

  249. 

  250. 

  251. We reserve judgement (due to lack of data) on:
    252. 

  252. * reclaim
    253. 

  253. * credential
    254. 

  254. * abe
    255. 

  255. * rest
    256. 

  256. * messenger
    257. 

  257.