Changes between Initial Version and Version 1 of org/meetings/2017Amsterdam/Notes/TorResearch

Mar 27, 2017, 4:41:05 PM (2 years ago)

added session notes


  • org/meetings/2017Amsterdam/Notes/TorResearch

    v1 v1  
     1Session: Tor research
     2    Leader: Steven Murdoch
     4Past/present research from participants
     6    Website fingerprinting: Traffic analysis attacks
     7    Emulating browser fingerprinting of Tor Browser
     9    Hidden services
     10    Entry guard security
     12    All the things (Paul)
     14    User profiling on the Web
     16    How to work better with academia to get results
     18General redirect: We need to update the research proposal/qualification process
     20How to get research into Tor
     21    Tor lacks standardized way to
     22        Figure out what you need to work on
     23        Get stuff incorporated into dev roadmap
     24    Requirements and process are unclear (and potentially arbitrary)
     25    Currently: Ask Nick, convince Roger
     26        Not clear path
     27        Not scalable
     28        Things can die/drop
     29        Too ad hoc
     30        Can miss out on benefits of researchers' valuable efforts
     32Hurdle to dev team qualifying
     33    No time
     34    No funding for this sort of thing
     35    Just who volunteers to take it on/has time
     37    Shari is working on getting more people into dev team
     39    Especially for big-scope project (like Kisst)
     41Would a written process be helpful?
     42    Paul: Maybe a webpage or text file that says:
     43        Do you have some reasearch that you think is relevant?
     44        Here's how to determine if it's relevant
     45        Here's what you'll need to be able to answer before you come to us
     47    Defined contact channels
     48        Can't ALWAYS be Roger
     49        Contact page doesn't route helpfully
     51    Scorecarding criteria for what's a good project
     52        Resources available?
     53        Funding available?
     54        Aligned?
     55        Conceptual, in production, in use?
     56        Can you provide maintenance support? (probably nobody will ever say yes)
     57        Can you go in on joint funding w/ Tor
     59        Proposal Qualification Models
     60            Heilmeyer criteria
     61            Research safety board (safety in the course of the research, not in the course of when it's implemented, is better)
     62            TAILS: Please contact us before you do your research.
     63            Cass has a list of potential qualification criteria (from grants perspective) will attach to wiki page in a couple of weeks.
     65    Will vetting process lower the barrier to code adoption?
     66        How is maintenance funded?
     67            Predicated on funding diversification: Foundations tend to be less deliverable-fixated
     71Who should vet new projects?
     72    Someone who's very tightly integrated in tor team, knows what we're building and why
     73    Must work closely with PM, know what's going on internally, too
     74    Ideally, a funded, dedicated gatekeeper
     75    George? (Has done it, might be good candidate for future position)
     78    Open research projects
     79        Assigning the Guard Flag
     80        Changing use of network
     81        How Tor Circuit should be used
     82        Fingerprinting
     84Gatekeeping function might be helpful for Tor
     85    Won't harm academics: won't necessarily kill research projects, will only say whether Tor will support with resources
     86    Beats no response at all (proposal goes into the void)
     89What steps will be required for anything released in Tor?
     90    Documentation
     91    Testing
     92    ???
     94Easy case: EndTor
     95    Simple, contained, obsoleted old code, not 10MM lines of code, solved a problem
     97Hard case: How to do statistics (heavyweight scheme proposal)
     98    Hard to maintain, hard to qualify, hard to integrate, not clear answer to recognized problem
     100Whole conversation a little ironic, because Tor is well-documented, so anyone can experiment if they really want to.
     101    But how to get completed (or in progress) research into the "official" Tor development roadmap is still an open question