Prop327: Onion service rate limiting is not congestion control.

It is just rate limiting. We could apply real Prop324 congestion control to
the intro circuit, but so far we have not done so.
Mike Perry 2023-05-25 13:12:00 +00:00
parent 646fbf74fb
commit 38469b0626

@ -13,12 +13,11 @@ Status: Draft
So far our attempts at limiting the impact of introduction flooding DoS
attacks on onion services has been focused on horizontal scaling with
Onionbalance, optimizing the CPU usage of Tor and applying congestion control
using rate limiting. While these measures move the goalpost forward, a core
problem with onion service DoS is that building rendezvous circuits is a
costly procedure both for the service and for the network. For more
information on the limitations of rate-limiting when defending against DDoS,
see [REF_TLS_1].
Onionbalance, optimizing the CPU usage of Tor and applying rate limiting.
While these measures move the goalpost forward, a core problem with onion
service DoS is that building rendezvous circuits is a costly procedure both
for the service and for the network. For more information on the limitations
of rate-limiting when defending against DDoS, see [REF_TLS_1].
If we ever hope to have truly reachable global onion services, we need to
make it harder for attackers to overload the service with introduction
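
Review bot: The reworded opening sentence now says only "applying rate limiting", so the distinction drawn in the commit message (that Prop324 congestion control could be applied to the intro circuit but so far has not been) is not recorded anywhere in the proposal text; consider adding a short clause or parenthetical to that effect so readers of the proposal alone do not assume congestion control already covers introduction. Two style points in the same paragraph: the unchanged first line still reads "attempts ... has been focused" and should be "have been focused", and the paragraph uses both "rate limiting" and "rate-limiting", so pick one spelling.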