Opened 5 years ago

Last modified 8 months ago

#16059 new enhancement

Add a "rendezvous approver" control API

Reported by: special Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-hs, tor-control, needs-proposal, term-project-ideas tor-dos
Cc: Actual Points:
Parent ID: Points: 17
Reviewer: Sponsor: Sponsor27-can

Description

From the discussion on mitigating HS denial of service in #16052:

Add a "rendezvous approver" control API, which gives an opted-in controller the chance to approve or deny all rendezvous circuit and stream requests before they're acted upon. This would allow us to make more complex and useful mitigations as third party software.

This might be useful for:

  • Rate limiting; at most N unauthenticated clients per Y
  • Extra-conservative logic like "stop accepting connections during potential guard discovery"
  • Limiting capacity to control server load; only allow N simultaneous clients.
  • Protocol-tuned rules for things like Ricochet
  • More advanced pre-rendezvous authorization

arma also noted:

Speaking of the mitigator, the original HS design had the services giving out tokens to preferred users, who then use the token to get access during times of high load.

This could be built by using a new auth type for access tokens, and checking them in the approver.

Child Tickets

Change History (13)

comment:1 Changed 4 years ago by nickm

Keywords: 6s194 added

comment:2 Changed 4 years ago by nickm

Keywords: term-project-ideas added; 6s194 removed

These tickets were tagged "6s194" as ideas for possible term projects for students in MIT subject 6.S194 spring 2016. I'm retagging with term-project-ideas, so that the students can use the 6s194 tag for tickets they're actually working on.

comment:3 Changed 4 years ago by arma

Severity: Normal

asn notes in #17254 that proposal 255 is great infrastructure for implementing this ticket.

comment:4 Changed 3 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:5 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:6 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:7 Changed 3 years ago by dgoulet

Keywords: tor-control added; control removed

comment:8 Changed 2 years ago by asn

Parent ID: #24298

comment:9 Changed 9 months ago by pili

Sponsor: Sponsor27

comment:10 Changed 8 months ago by asn

Sponsor: Sponsor27Sponsor27-can

comment:11 Changed 8 months ago by asn

Points: 17

comment:12 Changed 8 months ago by asn

Parent ID: #24298

comment:13 Changed 8 months ago by asn

Keywords: tor-dos added
Note: See TracTickets for help on using tickets.