[tor-bugs] #16059 [Tor]: Add a "rendezvous approver" control API

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#16059: Add a "rendezvous approver" control API
-------------------------------------------+------------------------------
 Reporter:  special                        |          Owner:
     Type:  enhancement                    |         Status:  new
 Priority:  normal                         |      Milestone:  Tor: 0.2.???
Component:  Tor                            |        Version:
 Keywords:  tor-hs control needs-proposal  |  Actual Points:
Parent ID:                                 |         Points:
-------------------------------------------+------------------------------
 From the discussion on mitigating HS denial of service in #16052:

 >  Add a "rendezvous approver" control API, which gives an opted-in
 controller the chance to approve or deny all rendezvous circuit and stream
 requests before they're acted upon. This would allow us to make more
 complex and useful mitigations as third party software.

 This might be useful for:
  * Rate limiting; at most N unauthenticated clients per Y
  * Extra-conservative logic like "stop accepting connections during
 potential guard discovery"
  * Limiting capacity to control server load; only allow N simultaneous
 clients.
  * Protocol-tuned rules for things like Ricochet
  * More advanced pre-rendezvous authorization

 arma also noted:
 > Speaking of the mitigator, the original HS design had the services
 giving out tokens to preferred users, who then use the token to get access
 during times of high load.

 This could be built by using a new auth type for access tokens, and
 checking them in the approver.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16059>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs