grarpamp grarpamp@gmail.com writes:
ONION_CLIENT_AUTH_ADD ONION_CLIENT_ADD_AUTH
+1
"We can't change"
Yeah, this is a tough one in some ways. Incremental change is best, but in some ways a wholesale re-thinking could be good as well. I am just one "control library author", but many of txtorcon's APIs seek to hide away the actual control-protocol verbs etc., so changing the "raw" Tor control-protocol API to be spelled out better is low priority (for me).
As far as "re-thinking", I personally would be keen to see a capability-based approach so that potentially very fine-grained permissions can be granted (e.g. "you may add a single ephemeral onion service"). This need is somewhat answered already by proxies -- and in any case "some separate program" is the best place to prototype a "completely new" protocol.
The reality is we're currently in a situation where a lot of people don't want to give any program control-protocol access (and rightly so) because it's such a vast amount of information and control. Thus, it's likely that any "tor-using application" (beyond "use SOCKS5") has basically no choice but to launch its own instance of tor. Maybe this is the best thing to do anyway?
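The "you may add a single ephemeral onion service" capability mentioned above, sketched as the per-connection policy a filtering control-port proxy could apply. This is an added example, not code from the post or from txtorcon; the class name `SingleOnionCapability` and the policy choices (only `NEW:` keys, no `Detach` flag, refund on a failed reply) are assumptions made for illustration.

```python
class SingleOnionCapability:
    """Per-connection policy: the client may create one ephemeral onion service."""

    def __init__(self):
        self.budget = 1        # ADD_ONION commands still permitted
        self.pending = False   # an ADD_ONION reply is expected from tor
        self.owned = set()     # service ids created through this connection

    def allow(self, line):
        """Return True if this client->tor command line may be forwarded."""
        parts = line.strip().split()
        if not parts:
            return False
        verb, args = parts[0].upper(), parts[1:]
        if verb == "QUIT":
            return True
        if verb == "ADD_ONION":
            return self._allow_add(args)
        if verb == "DEL_ONION":
            # Only the service this connection created may be removed.
            return len(args) == 1 and args[0] in self.owned
        return False  # GETINFO, SETCONF, SIGNAL, ... are outside the grant

    def _allow_add(self, args):
        # Assumed policy: tor must generate the key, so only NEW:<type> passes.
        if self.budget < 1 or not args or not args[0].startswith("NEW:"):
            return False
        for arg in args[1:]:
            key, _, value = arg.partition("=")
            flags = [f.lower() for f in value.split(",")]
            # Detach would let the service outlive this control connection.
            if key.lower() == "flags" and "detach" in flags:
                return False
        self.budget -= 1
        self.pending = True
        return True

    def observe_reply(self, line):
        """Feed tor->client reply lines so the created service id is tracked."""
        if self.pending and line.startswith("250-ServiceID="):
            self.owned.add(line.strip().split("=", 1)[1])
        elif self.pending and line[:3].isdigit() and line[3:4] == " ":
            self.pending = False       # final line of the reply
            if line[0] != "2":
                self.budget += 1       # tor refused, so the grant was not used
```
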