Network Layer Roadmap Scenarios¶
- Version: v2023.Q2
DoS defenses¶
The problem¶
Proposal 327¶
About:
- proposals/327-pow-over-intro.txt · Tor Specifications
- Proposal: A First Take at PoW Over Introduction Circuits
Status:
- Implemented on Tor 0.4.8.4 as part of the "Onion Services resource coalition" sponsored work.
- Check the PoW FAQ for details.
Relevant DoS-related issues¶
- Design a PoW scheme for HS DoS defence (#134) · Tor Specifications
- prop327: Implement PoW over Introduction Circuits (#40634) · Tor
- Understand code performance of onion services under DoS (#33704) · Tor
- Research approaches for improving the availability of services under DoS (#31223) · Tor
- attacker can force intro point rotation by ddos (#26294) · Tor
- DoS resistence measures from C tor (#351) · Arti
Performance improvements¶
- Needs input from the Network Team for what can be included here.
Metrics¶
- Needs input from the Network, Network Health and Metrics Teams for what can be included here.
Non DoS-related health improvements for Onion Services¶
Fixes:
- Make it even harder to become HSDir (#19162) · Tor
- We should make HSv3 desc upload less frequent (#163) · Tor Specifications
- Tor node that is not part of the consensus should not be used as rendezvous point with the onion service (#33129) · Tor
- hs: Do not allow more than one control cell on a circuit (#157) · Tor Specifications
- Long circuit build times when connecting to onion services (#40570) · Tor
Features, probably only for arti:
- Verification of onion service integrity (#41041) · Tor Browser
- Proposal: Hidden Service Revocation (#87) · Tor Specifications
- 'Hidden' Authenticatd Onion Services (#119) · Tor Specifications
- prop224: Implement offline keys for v3 onion services (#29054) · Tor
Onion Service support in Arti¶
Check:
- Arti's 1.1.3 and 1.1.4 release notes for initial client implementation.
- Arti's 1.1.8: for Onion service server infrastructure.
- Arti's 1.1.9: Assembling the onions.
Relevant issue boards¶
- Onion Services in general
- Onion Services performance issues: