Network Layer Roadmap Scenarios¶
- Version: v2024.Q3
DoS defenses¶
The problem¶
Proposal 327¶
About:
- proposals/327-pow-over-intro.txt · Tor Specifications
- Proposal: A First Take at PoW Over Introduction Circuits
Status:
- Implemented on Tor 0.4.8.4 as part of the "Onion Services resource coalition" sponsored work.
- Check the PoW FAQ for details.
Relevant DoS-related issues¶
- Design a PoW scheme for HS DoS defence (#134) · Tor Specifications
- prop327: Implement PoW over Introduction Circuits (#40634) · Tor
- Understand code performance of onion services under DoS (#33704) · Tor
- Research approaches for improving the availability of services under DoS (#31223) · Tor
- attacker can force intro point rotation by ddos (#26294) · Tor
- DoS resistence measures from C tor (#351) · Arti
Performance improvements¶
- Needs input from the Network Team for what can be included here.
Metrics¶
- Needs input from the Network, Network Health and Metrics Teams for what can be included here.
Non DoS-related health improvements for Onion Services¶
Fixes:
- Make it even harder to become HSDir (#19162) · Tor
- We should make HSv3 desc upload less frequent (#163) · Tor Specifications
- Tor node that is not part of the consensus should not be used as rendezvous point with the onion service (#33129) · Tor
- hs: Do not allow more than one control cell on a circuit (#157) · Tor Specifications
- Long circuit build times when connecting to onion services (#40570) · Tor
Features, probably only for arti:
- Verification of onion service integrity (#41041) · Tor Browser
- Proposal: Hidden Service Revocation (#87) · Tor Specifications
- 'Hidden' Authenticatd Onion Services (#119) · Tor Specifications
- prop224: Implement offline keys for v3 onion services (#29054) · Tor
Relevant metrics feature requests¶
- Add backend ID when exposing circuitid with HiddenServiceExportCircuitID (#32428) · Tor
- Create new directive HiddenServiceExportStats. (#32690) · Tor
- Add an optional flag for the export circuit id protocol on the port-by-port basis (#40530) · Tor
- Tor should provide a mechanism for hidden services to differentiate authorized clients and circuits (#4700) · Tor
- Add features improving onion services' interaction with Tor. (#32511) · Tor
- Additional metricsport stats for various stages of onionservice handshake (#40717) · Tor
Onion Service support in Arti¶
Check:
- Arti's 1.1.3 and 1.1.4 release notes for initial client implementation.
- Arti's 1.1.8: for Onion service server infrastructure.
- Arti's 1.1.9: Assembling the onions.
- Arti 1.2.7: onion services, RPC, and more
- Arti 1.2.6: onion services, RPC, and more
- Arti 1.2.5: onion services development, security fixes
- Arti 1.2.4: onion services development, security fixes
- Arti 1.2.3 (security release)
- Arti 1.2.2: onion services development
- Arti 1.2.1: onion services development
- Arti 1.2.0: onion services development
Relevant issue boards¶
- Onion Services in general
- Onion Services performance issues: