Add 'rfc-tilde-tor-support.md'

ubergeek 2019-08-02 21:33:32 -04:00
parent 3051d69ab3
commit 75569d8b4b
1 changed files with 31 additions and 0 deletions

rfc-tilde-tor-support.md Normal file

@ -0,0 +1,31 @@
+++
title : Tilde TOR support
number: TBD
author: Ubergeek <ubergeek@thunix.net>
status: proposed
+++
# Abstract
TOR is a mixing proxy, which anonymizes connections to internet services, to protect the indentify, and thusly, the privacy of a user. Members of the tildeverse hold as a value keeping the privacy of users as a top concern a part of their ethos. TOR support enhances this ethos, and demonstrates it's not just _in words only_.
It is proposed that some level of TOR support be enabled for all tildeverse members. Minimally, gopher and http protocols. This would enable those in oppressive regions some interaction with the tildeverse services, and further the goals of a more diverse community.
# Procedural
## Security Considerations
Users connecting via tor are, by default, anonymized. Ther activity logging is minimal, as many will appear to connect from _localhost_.
Care and consideration should be taken in deciding which services are exposed via TOR, vs the risk to the particular community. For example, some tildes may be able to expose any and all services they operate via TOR (SSH, Email, www, etc), while another tildeverse member maybe only be able to safely expose gopher. Individual admins should decide this.
## Operation Considerations
There are minimal operating considerations, aside from the load borne to manage the proxy, and encrypted connections. A new tilde may not have the resources to do this, by a larger tilde, like Thunix, has plenty of idle processor power to do so.
Care must be taken for the hidden services identity file. This cannot be managed in a public space, as doing so would be the equivalent of giving away private keys for a SSL cert.
If possible, a custom onion name should be generated using scallion or eschalot (Two indivual tools used for generating custom names), in order to create a more memorable service name. If possible, a new tilde should consider requesting special access to do so, from a larger tilde, or pubnix. It can be quite CPU intensive.
## Minimal Standard
At a minimum, HTTP and gopher should be exposed via TOR, to allow many of the tildeverse services to be used via TOR. Optimally, SSH would be exposed as well, in order to allow participation in the most minimal of levels consider to be an active member of the tildeverse community.
Additionally, the individual tildeverse member should advertise their onion name on their website, to allow for discovery.
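
Review bot: In "Operation Considerations", the advice that a new tilde request access on a larger tilde or pubnix to generate a custom onion name conflicts with the preceding line, which treats the hidden service identity file as equivalent to the private keys for an SSL cert. A name generated on another host leaves that host's admins and anyone with access to it able to read the key, so the RFC should either require generation on a machine the tilde's admin controls or state the trust assumption and how the key is transferred and removed afterwards. In "Security Considerations", the observation that many Tor users "will appear to connect from _localhost_" needs a matching requirement: any exposed service that grants extra trust to localhost connections (admin pages, mail relay rules, rate-limit exemptions) would extend that trust to every Tor user, so admins should check for this before exposing a service, and the section should say how abuse is handled when source addresses are not available. Smaller points: "indentify" should be "identity", "Ther" should be "Their" or "The", "by a larger tilde" should be "but a larger tilde", "indivual" should be "individual", "consider to be" should be "considered to be", and the "Minimal Standard" section would be clearer if it used explicit "must" and "should" wording for HTTP, gopher and SSH.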