Opened 2 years ago

Last modified 2 years ago

#21813 new enhancement

create a JSON-based alternative control port protocol

Reported by: arthuredelstein
Owned by:
Priority: Low
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Minor
Keywords: tor-control bluesky json big-change
Cc:
Actual Points:
Parent ID:
Points: 10
Reviewer:
Sponsor:

Description

The control port protocol is rather complex and it's difficult to get the syntax exactly right. So I think it would be very nice if we had an optional JSON-based protocol as well. The commands, responses and events could essentially have the same content. Writing a control port client would be greatly accelerated and much easier to ensure correctness, thereby making adoption of Tor easier for applications and tor controllers or monitoring apps. As an example, I would gladly drop the tor-control-port.js module in torbutton in favor of a JSON-based client.

Change History (3)

comment:1 Changed 2 years ago by cypherpunks

Hopefully any new tor control protocol will rethink the all-or-nothing security model of the existing one (which has led to the proliferation of tor control port filtering programs; tails, subgraph, and whonix have now each written their own).

comment:2 Changed 2 years ago by nickm_mobile

Milestone: Tor: unspecified

I think if someone wants to pursue this, the best way would be to separate the encoding/decoding of control messages from acting on and generating them, so that they could each be parsed and encoded separately from their implementation. This would probably want to be a machine-generated or automated thing, so that we can have less message-specific parsing code, not more. This might also help formalize the informal meta-format of the control port by giving it a mapping to json.

cypherpunks:

Our main reason for not going with an "internal filter" for the control port is that we aren't convinced that there _is_ a useful safe subset of the control protocol's functionality. Nearly all control port commands are potentially dangerous if used by a hostile party.
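
As an added illustration of the separation suggested in comment:2 (not code from Tor, torbutton or any ticket participant): a decoder that handles only the reply framing of the existing control protocol and returns a JSON-ready object, leaving interpretation of each message to the caller. The framing rules (three-digit status followed by `-`, `+` or a space, dot-terminated data blocks) come from Tor's control-spec rather than from this ticket; the name `decodeReply`, the output shape and the sample reply are assumptions made for the example.

```javascript
// Added example: decode one control-port reply into a JSON-ready object.
// The output shape {status, ok, lines} is a hypothetical mapping, not a Tor format.
function decodeReply(raw) {
  const rows = raw.split("\r\n");
  if (rows[rows.length - 1] === "") rows.pop();   // drop the piece after the final CRLF
  const lines = [];
  for (let i = 0; i < rows.length; i++) {
    const m = /^(\d{3})([-+ ])(.*)$/.exec(rows[i]);
    if (!m) throw new SyntaxError("malformed reply line " + (i + 1));
    const [, status, sep, text] = m;
    const entry = { text };
    if (sep === "+") {
      // Data block: raw lines up to a lone ".", with leading-dot stuffing undone.
      const data = [];
      for (i++; i < rows.length && rows[i] !== "."; i++) {
        data.push(rows[i].startsWith(".") ? rows[i].slice(1) : rows[i]);
      }
      if (i >= rows.length) throw new SyntaxError("unterminated data block");
      entry.data = data.join("\n");
    }
    lines.push(entry);
    if (sep === " ") {
      // A space after the status marks the end line; nothing may follow it.
      if (i !== rows.length - 1) throw new SyntaxError("text after end of reply");
      const code = Number(status);
      return { status: code, ok: code >= 200 && code < 300, lines };
    }
  }
  throw new SyntaxError("truncated reply: no end line");
}

// Constructed sample reply (not captured from a real Tor instance).
const SAMPLE =
  "250-version=0.0.0-example\r\n" +
  "250+config-text=\r\n" +
  "SocksPort 9050\r\n" +
  "..hidden\r\n" +
  ".\r\n" +
  "250 OK\r\n";

console.log(JSON.stringify(decodeReply(SAMPLE), null, 2));
```

The decoder rejects truncated or trailing input instead of guessing, so a client built on it fails closed on a reply it cannot frame.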

comment:3 Changed 2 years ago by nickm

Keywords: tor-control bluesky json big-change added
Points: 10
Priority: changed from Medium to Low
Severity: changed from Normal to Minor

For a better discussion of what filters can and cannot do, see the thread starting at https://www.mail-archive.com/tor-dev@lists.torproject.org/msg09549.html where plenty of people point out good uses and discuss threat models.
