Re: [Tails-dev] new features coming in to be aware of

Author: anonym
Date:  
To: The Tails public development discussion list, richard
CC: Duncan Larsen-Russell, micah anderson
Subject: Re: [Tails-dev] new features coming in to be aware of
On 20/06/2023 19.19, richard wrote:
> Hi Tails devs,
>
> So the legacy tor daemon recently got two new features in alpha you
> should be aware of, proof-of-work and conflux circuits:


Thanks for the heads-up! This is very valuable!

> - proof-of-work: Onion service providers will be able to opt-in to a
> proof-of-work requirement for connecting clients as a ddos
> counter-measure. Legacy clients which do not support this feature will
> not be able to connect to onion services making use of it. This feature
> will be transparent to the user, though in Tor Browser we may surface
> custom ui notifying the user if they failed to complete the pow in-time
> (or other pow-specific errors). The details are still tbd, but any error
> would be surfaced to applications via a custom SOCKS5 error code
> (similar to how the tor daemon notifies applications that client auth is
> required to access an onion service)


Am I correct to assume that as long as we have a tor and Tor Browser
that supports this, and our Tor Browser's SocksPort has ExtendedErrors
enabled, then we are good to go for this feature, or is something more
needed?

> - conflux circuits: the network team has developed a multiple-circuit
> selection routing system whereby clients will open multiple circuits to
> an endpoint, and divide traffic between the circuits to increase network
> performance. Any ux that shows a user's circuit will need to be updated
> to account for this new conflux circuit reality. For the initial stable
> release, conflux circuits will only work with clearnet endpoints so
> onion services are unaffected. The browser team will be working with ux
> on any required ui changes during the next release cycle, so if Tails
> has an analogous thing outside of Tor Browser you can probably follow
> our lead there.


Tails has a simple Vidalia-esque circuit viewer where each circuit is
listed along with its streams, so (if I understand correctly) with
conflux circuits it can be the case that the same stream can be listed
under multiple circuits. Since (IIRC) pre-conflux streams associate with
a single circuit id it indeed sounds like there will be some work needed
here. And this circuit viewer uses Stem, which is unmaintained, which
could complicate things a bit further. :)

Tails also has a control port filter (that sits between tor and the
applications using the control port) that I believe will be affected:
since Tails runs a single system-wide tor instance there are concerns
about applications that have access to the control port snooping on
other circuits/streams (among other things), so the filter enforces
restrictions so a control port user only can see its own streams and
associated circuits. If streams can associate to multiple circuits then
Tails' control port filter must take that into account.

Again, thanks for the heads-up!

Cheers!
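An added illustration of the control port filter point in the message above; it is not part of the original message and not Tails' own filter code. It scopes a client to its own streams and keeps a set of circuit IDs per stream instead of a single ID. Assumptions: the class name, ownership decided by the `SOURCE_ADDR` field of `STREAM` events, and that a conflux stream would show up in `STREAM` events under more than one circuit ID (the message says these details are still open).

```python
import re

# Event layouts from the Tor control protocol:
#   650 STREAM <StreamID> <Status> <CircuitID> <Target> [KEY=VALUE ...]
#   650 CIRC <CircuitID> <Status> [...]
STREAM_RE = re.compile(r"650 STREAM (\w+) (\S+) (\w+) \S+(.*)")
CIRC_RE = re.compile(r"650 CIRC (\w+) \S+")
SOURCE_RE = re.compile(r"\bSOURCE_ADDR=(\S+)")

class StreamScopedFilter:
    """Hypothetical per-client event filter: own streams and their circuits only."""

    def __init__(self, client_source_addrs):
        self.client_source_addrs = set(client_source_addrs)
        self.circuits_by_stream = {}  # stream id -> set of circuit ids

    def allow(self, line):
        m = STREAM_RE.match(line)
        if m:
            stream_id, status, circ_id, rest = m.groups()
            src = SOURCE_RE.search(rest)
            if src:  # ownership is (re)decided whenever the source is reported
                if src.group(1) in self.client_source_addrs:
                    self.circuits_by_stream.setdefault(stream_id, set())
                else:
                    self.circuits_by_stream.pop(stream_id, None)
            if stream_id not in self.circuits_by_stream:
                return False
            if circ_id != "0":  # 0 means not attached to a circuit yet
                self.circuits_by_stream[stream_id].add(circ_id)
            if status in ("CLOSED", "FAILED"):
                del self.circuits_by_stream[stream_id]
            return True
        m = CIRC_RE.match(line)
        if m:
            return m.group(1) in self.visible_circuits()
        return False  # default deny for anything this sketch does not model

    def visible_circuits(self):
        return set().union(*self.circuits_by_stream.values())

# Constructed sample events (not captured from a real tor instance).
SAMPLE_EVENTS = [
    "650 STREAM 7 NEW 0 example.com:443 SOURCE_ADDR=127.0.0.1:41000 PURPOSE=USER",
    "650 STREAM 8 NEW 0 other.example:80 SOURCE_ADDR=127.0.0.1:52000 PURPOSE=USER",
    "650 STREAM 7 SENTCONNECT 11 example.com:443",
    "650 STREAM 8 SENTCONNECT 13 other.example:80",
    "650 STREAM 7 SUCCEEDED 12 example.com:443",  # assumed second conflux leg
    "650 CIRC 11 BUILT", "650 CIRC 12 BUILT", "650 CIRC 13 BUILT",
]
```

With a single circuit ID per stream, the last `STREAM` event would overwrite circuit 11 with 12 and the client would lose sight of a circuit still carrying its own traffic.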