[tor-bugs] #32511 [Core Tor/Tor]: Add features improving onion services' interaction with Tor.

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Nov 21 15:29:01 UTC 2019


#32511: Add features improving onion services' interaction with Tor.
--------------------------+---------------------------------
 Reporter:  moonsikpark   |          Owner:  (none)
     Type:  enhancement   |         Status:  needs_review
 Priority:  Medium        |      Milestone:
Component:  Core Tor/Tor  |        Version:  Tor: 0.4.2.4-rc
 Severity:  Normal        |     Resolution:
 Keywords:  tor-hs        |  Actual Points:
Parent ID:                |         Points:
 Reviewer:  dgoulet       |        Sponsor:
--------------------------+---------------------------------

Comment (by dgoulet):

 Thanks moonsikpark! I hope to provide useful feedback here. I have several
 questions also. We can move to tor-dev@ at some point if the discussion
 expands since over a Trac ticket, it can become painful :).

 (FYI, the following has been discussed a bit with ahf, who implemented
 the `HiddenServiceExportCircuitID` feature and had discussions with
 Cloudflare about it.)

 > 1. HiddenServiceExportRendPoint

 The reasoning seems reasonable to have this.

 > 2. HiddenServiceExportInstanceID

 Same, this also seems reasonable especially if you end up running many
 onion services.

 For both of the above, the patch would need a bit of tweaking, but that
 is easy.

 > 3. HiddenServiceEnableClosingCircuit

 This one is a bit more controversial. We are unsure if _in_ tor is the
 right place to parse every single payload coming in from a client.

 The right place to do such an action is really through the ControlPort but
 you mention that it seems complicated and error-prone on your side. If you
 could expand there so we can maybe try to make it better?

 Another option that ahf raised is that probably a sort of "tor agent"
 would be more desirable, that is, you would tell the agent on a socket to
 "terminate circuit <ID>" and then it tells tor. That agent can aggregate
 multiple tor instances if needed, and so on.

 Unfortunately, we don't have such an "agent" but making tor do "payload
 inspection" for specific behaviors is not really what we think should be
 done here.

 We would _really_ love for you to expand on your needs and complications
 you had with the control port + `CLOSECIRCUIT`.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32511#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
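
The out-of-process route discussed in the comment above, sketched as an added example (not code from the ticket, the patch or the Tor Project). It assumes the header format the tor manual documents for `HiddenServiceExportCircuitID haproxy`, where the global circuit ID is the last 32 bits of the PROXY v1 source address, and a ControlPort on 127.0.0.1:9051; the function names and the sample line are constructed for illustration.

```python
import ipaddress
import socket

# Prefix of the synthetic source address tor writes (assumption taken from the
# tor manual's description of HiddenServiceExportCircuitID haproxy).
TOR_PREFIX = ipaddress.IPv6Network("fc00:dead:beef:4dad::/96")


def circuit_id_from_proxy_line(line: bytes) -> int:
    """Return the global circuit ID carried in a PROXY v1 header line."""
    if not line.endswith(b"\r\n"):
        raise ValueError("PROXY header must end with CRLF")
    fields = line[:-2].decode("ascii").split(" ")
    if len(fields) != 6 or fields[0] != "PROXY" or fields[1] != "TCP6":
        raise ValueError("not a PROXY v1 TCP6 header")
    src = ipaddress.IPv6Address(fields[2])
    if src not in TOR_PREFIX:
        raise ValueError("source address is not in tor's circuit-ID prefix")
    return int(src) & 0xFFFFFFFF  # low 32 bits hold the circuit ID


def close_circuit_command(circ_id: int) -> bytes:
    """Build the CLOSECIRCUIT line; only a 32-bit integer is ever formatted."""
    if not isinstance(circ_id, int) or not 0 <= circ_id <= 0xFFFFFFFF:
        raise ValueError("circuit ID out of range")
    return b"CLOSECIRCUIT %d\r\n" % circ_id


def close_circuit(circ_id: int, secret: bytes,
                  host: str = "127.0.0.1", port: int = 9051) -> None:
    """Authenticate (password or cookie bytes, sent hex-encoded) and close."""
    with socket.create_connection((host, port), timeout=5) as s:
        f = s.makefile("rwb")
        for cmd in (b"AUTHENTICATE " + secret.hex().encode() + b"\r\n",
                    close_circuit_command(circ_id)):
            f.write(cmd)
            f.flush()
            reply = f.readline()
            if not reply.startswith(b"250"):
                raise RuntimeError("control port refused: %r" % reply)


# Constructed sample header in the documented shape (not captured traffic).
SAMPLE = b"PROXY TCP6 fc00:dead:beef:4dad::ffff:ffff ::1 65535 42\r\n"

if __name__ == "__main__":
    cid = circuit_id_from_proxy_line(SAMPLE)
    print(cid, close_circuit_command(cid))
```

Because the backend only ever hands the agent an integer parsed from a header tor itself wrote, no client-controlled bytes reach the control connection.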