[tor-dev] [RFC] control-spec: Specify add/remove/view client auth commands (client-side).

meejah meejah at meejah.ca
Mon May 6 20:28:26 UTC 2019

grarpamp <grarpamp at gmail.com> writes:



> "We can't change"

Yeah, this is a tough one in some ways. Incremental change is best, but
in some ways a wholesale re-thinking could be good as well. I am just
one "control library author", but many of txtorcon's APIs seek to hide
away the actual control-protocol verbs etc. so changing the "raw" Tor
control-protocol API to be spelled out better is low priority (for me).

As far as "re-thinking", I personally would be keen to see a
capability-based approach so that potentially very fine-grained
permissions can be granted (e.g. "you may add a single ephemeral onion
service"). This need is somewhat answered already by proxies -- and in
any case "some separate program" is the best place to prototype a
"completely new" protocol.

The reality is we're currently in a situation where a lot of people
don't want to give any program control-protocol access (and rightly so)
because it's such a vast amount of information and control. Thus, it's
likely that any "tor-using application" (beyond "use SOCKS5") has
basically no choice but to launch its own instance of tor. Maybe this is
the best thing to do anyway?
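
Added example (not part of the message above, and not code from Tor or txtorcon): a sketch of the "you may add a single ephemeral onion service" grant as the per-connection policy a filtering control-port proxy could enforce. The command verbs and the `Detach` flag come from Tor's control-spec; the class name, method names and the policy itself are assumptions.

```python
import re

# Verbs follow Tor's control-spec; the class name and policy are hypothetical.
ALWAYS_ALLOWED = {"PROTOCOLINFO", "AUTHENTICATE", "QUIT"}
SERVICE_ID = re.compile(r"^250-ServiceID=([a-z2-7]{16}|[a-z2-7]{56})$")


class SingleOnionCapability:
    """Grant: create one ephemeral onion service, then delete only that one."""

    def __init__(self):
        self.used = False        # set once an ADD_ONION has been forwarded
        self.service_id = None   # learned from tor's reply

    def allow(self, line):
        """Return True if this client command line may be forwarded to tor."""
        body = line.rstrip("\r\n")
        if "\r" in body or "\n" in body:
            return False         # one command per line; no smuggled second verb
        parts = body.split()
        if not parts:
            return False
        verb, args = parts[0].upper(), parts[1:]
        if verb in ALWAYS_ALLOWED:
            return True
        if verb == "ADD_ONION":
            if self.used or not args or not args[0].upper().startswith("NEW:"):
                return False     # grant spent, or not a fresh key (policy choice)
            if any(a.upper().startswith("FLAGS=") and "DETACH" in a.upper()
                   for a in args[1:]):
                return False     # Detach would outlive this control connection
            self.used = True     # a failed attempt still spends the grant
            return True
        if verb == "DEL_ONION":
            return len(args) == 1 and args[0] == self.service_id
        return False             # default deny: GETINFO, SETCONF, SIGNAL, ...

    def observe_reply(self, line):
        """Feed tor's reply lines back so the grant learns its ServiceID."""
        m = SERVICE_ID.match(line.strip())
        if m and self.used and self.service_id is None:
            self.service_id = m.group(1)
```

A proxy would call `allow()` on each client line before forwarding it and `observe_reply()` on each line tor sends back; everything outside the grant is refused by default.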

