[tor-bugs] #29999 [Core Tor/Tor]: Objective 1, Activity 2: Denial of service defences
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 3 13:26:30 UTC 2019
#29999: Objective 1, Activity 2: Denial of service defences
------------------------------+--------------------
Reporter: pili | Owner: (none)
Type: project | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: Sponsor27 |
------------------------------+--------------------
This is the parent ticket to hold any tickets under this activity,
including:
- Reducing the amount of circuits that they build over time on the Tor
network
- Providing more ways for onion service administrators to control the
influx of incoming users in heavy traffic scenarios.
- Improving our defense mechanisms by:
- Decreasing onion service load on the Tor network, by slowing down Tor
circuit creation on startup.
- Optimizing relevant onion service functions that are called multiple
times therefore taking a lot of the CPU.
- Making it harder for adversaries to force services to rotate their
introduction points.
- Writing a Tor software change proposal for a “rendezvous approver” API
that can be useful for:
    1. Rate limiting; allow at most N unauthenticated clients over a set
       time period
    2. Extra-conservative logic like "stop accepting connections during
       potential guard discovery"
    3. Limiting capacity to control server load; only allow N simultaneous
       clients.
    4. Protocol-tuned rules for things like Ricochet
    5. More advanced pre-rendezvous authorization
    6. Load-balancing across multiple servers running Tor onion services
- Closing client circuit once the INTRO1/ACK dance has been completed,
decreasing load on the Tor network.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29999>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online