aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--proposals/000-index.txt2
-rw-r--r--proposals/285-utf-8.txt60
2 files changed, 62 insertions, 0 deletions
diff --git a/proposals/000-index.txt b/proposals/000-index.txt
index 2ae06a9..3352d02 100644
--- a/proposals/000-index.txt
+++ b/proposals/000-index.txt
@@ -205,6 +205,7 @@ Proposals by number:
282 Remove "Named" and "Unnamed" handling from consensus voting [OPEN]
283 Move IPv6 ORPorts from microdescriptors to the microdesc consensus [OPEN]
284 Hidden Service v3 Control Port [OPEN]
+285 Directory documents should be standardized as UTF-8 [OPEN]
Proposals by status:
@@ -263,6 +264,7 @@ Proposals by status:
282 Remove "Named" and "Unnamed" handling from consensus voting [for 0.3.3.x]
283 Move IPv6 ORPorts from microdescriptors to the microdesc consensus [for 0.3.3.x]
284 Hidden Service v3 Control Port
+ 285 Directory documents should be standardized as UTF-8
ACCEPTED:
172 GETINFO controller option for circuit information
173 GETINFO Option Expansion
diff --git a/proposals/285-utf-8.txt b/proposals/285-utf-8.txt
new file mode 100644
index 0000000..939399f
--- /dev/null
+++ b/proposals/285-utf-8.txt
@@ -0,0 +1,60 @@
+Filename: 285-utf-8.txt
+Title: Directory documents should be standardized as UTF-8
+Author: Nick Mathewson
+Created: 13 November 2017
+Status: Open
+
+1. Summary and motivation
+
+ People frequently want to include non-ASCII text in their router
+ descriptors. The Contact line is a favorite place to do this, but in
+ principle the platform line would also be pretty logical.
+
+ Unfortunately, there's no specified way to encode non-ASCII in our
+ directory documents.
+
+ Fortunately, almost everybody who does it, uses UTF-8 anyway.
+
+ As we move towards Rust support in Tor, we gain another motivation
+ for standarding on UTF-8, since Rust's native strings strongly prefer
+ UTF-8.
+
+ So, in this proposal, we describe a migration path to having all
+ directory documents be fully UTF-8.
+
+2. Proposal
+
+ First, we should have Tor relays reject ContactInfo lines (and any
+ other lines copied directly into router descriptors) that are not
+ UTF-8.
+
+ At the same time, we should have authorities reject any router
+ descriptors or extrainfo documents that are not valid UTF-8.
+ Simultaneously, we can have all Tor instances reject all
+ non-directory-descriptor directory documents that are not UTF-8,
+ since none should exist today.
+
+ Finally, once the authorities have updated, we should have all Tor
+ instances reject all directory documents that are not UTF-8. (We
+ should not take this step until the authorities have upgraded, or
+ else the behavior of updated and non-updated clients could be
+ distinguished.)
+
+2.1. Hidden service descriptors' encrypted bodies
+
+ For the encrypted bodies of hidden service descriptors, we cannot
+ reject them at the authority level, and so we need to take a slightly
+ different approach to prevent client fingerprinting attacks.
+
+ First, we should make Tor instances start warning about any hidden
+ service descriptors whose bodies, post-decryption, contain non-utf-8
+ plaintext. At the same time, we add a consensus parameter to
+ indicate that hidden service descriptors with non-utf-8 plantexts
+ should be rejected entirely: "reject-encrypted-non-utf-8". If that
+ parameter is set to 1, then hidden service clients will not only
+ warn, but reject the descriptors.
+
+ Once the vast majority of clients are running versions that support
+ the "reject-encrypted-non-utf-8" parameter, that parameter can be set
+ to 1.
+
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion