Tor proposals by number
Here we have a set of proposals for changes to the Tor protocol. Some of these proposals are implemented; some are works in progress; and some will never be implemented.
Below are a list of proposals sorted by their proposal number. See BY_STATUS.md for a list of proposals sorted by status.
000-index.txt
: Index of Tor Proposals [META]001-process.txt
: The Tor Proposal Process [META]098-todo.txt
: Proposals that should be written [OBSOLETE]099-misc.txt
: Miscellaneous proposals [OBSOLETE]100-tor-spec-udp.txt
: Tor Unreliable Datagram Extension Proposal [DEAD]101-dir-voting.txt
: Voting on the Tor Directory System [CLOSED]102-drop-opt.txt
: Dropping "opt" from the directory format [CLOSED]103-multilevel-keys.txt
: Splitting identity key from regularly used signing key [CLOSED]104-short-descriptors.txt
: Long and Short Router Descriptors [CLOSED]105-handshake-revision.txt
: Version negotiation for the Tor protocol [CLOSED]106-less-tls-constraint.txt
: Checking fewer things during TLS handshakes [CLOSED]107-uptime-sanity-checking.txt
: Uptime Sanity Checking [CLOSED]108-mtbf-based-stability.txt
: Base "Stable" Flag on Mean Time Between Failures [CLOSED]109-no-sharing-ips.txt
: No more than one server per IP address [CLOSED]110-avoid-infinite-circuits.txt
: Avoiding infinite length circuits [CLOSED]111-local-traffic-priority.txt
: Prioritizing local traffic over relayed traffic [CLOSED]112-bring-back-pathlencoinweight.txt
: Bring Back Pathlen Coin Weight [SUPERSEDED]113-fast-authority-interface.txt
: Simplifying directory authority administration [SUPERSEDED]114-distributed-storage.txt
: Distributed Storage for Tor Hidden Service Descriptors [CLOSED]115-two-hop-paths.txt
: Two Hop Paths [DEAD]116-two-hop-paths-from-guard.txt
: Two hop paths from entry guards [DEAD]117-ipv6-exits.txt
: IPv6 exits [CLOSED]118-multiple-orports.txt
: Advertising multiple ORPorts at once [SUPERSEDED]119-controlport-auth.txt
: New PROTOCOLINFO command for controllers [CLOSED]120-shutdown-descriptors.txt
: Shutdown descriptors when Tor servers stop [DEAD]121-hidden-service-authentication.txt
: Hidden Service Authentication [CLOSED]122-unnamed-flag.txt
: Network status entries need a new Unnamed flag [CLOSED]123-autonaming.txt
: Naming authorities automatically create bindings [CLOSED]124-tls-certificates.txt
: Blocking resistant TLS certificate usage [SUPERSEDED]125-bridges.txt
: Behavior for bridge users, bridge relays, and bridge authorities [CLOSED]126-geoip-reporting.txt
: Getting GeoIP data and publishing usage summaries [CLOSED]127-dirport-mirrors-downloads.txt
: Relaying dirport requests to Tor download site / website [OBSOLETE]128-bridge-families.txt
: Families of private bridges [DEAD]129-reject-plaintext-ports.txt
: Block Insecure Protocols by Default [CLOSED]130-v2-conn-protocol.txt
: Version 2 Tor connection protocol [CLOSED]131-verify-tor-usage.txt
: Help users to verify they are using Tor [OBSOLETE]132-browser-check-tor-service.txt
: A Tor Web Service For Verifying Correct Browser Configuration [OBSOLETE]133-unreachable-ors.txt
: Incorporate Unreachable ORs into the Tor Network [RESERVE]134-robust-voting.txt
: More robust consensus voting with diverse authority sets [REJECTED]135-private-tor-networks.txt
: Simplify Configuration of Private Tor Networks [CLOSED]136-legacy-keys.txt
: Mass authority migration with legacy keys [CLOSED]137-bootstrap-phases.txt
: Keep controllers informed as Tor bootstraps [CLOSED]138-remove-down-routers-from-consensus.txt
: Remove routers that are not Running from consensus documents [CLOSED]139-conditional-consensus-download.txt
: Download consensus documents only when it will be trusted [CLOSED]140-consensus-diffs.txt
: Provide diffs between consensuses [CLOSED]141-jit-sd-downloads.txt
: Download server descriptors on demand [OBSOLETE]142-combine-intro-and-rend-points.txt
: Combine Introduction and Rendezvous Points [DEAD]143-distributed-storage-improvements.txt
: Improvements of Distributed Storage for Tor Hidden Service Descriptors [SUPERSEDED]144-enforce-distinct-providers.txt
: Increase the diversity of circuits by detecting nodes belonging the same provider [OBSOLETE]145-newguard-flag.txt
: Separate "suitable as a guard" from "suitable as a new guard" [SUPERSEDED]146-long-term-stability.txt
: Add new flag to reflect long-term stability [SUPERSEDED]147-prevoting-opinions.txt
: Eliminate the need for v2 directories in generating v3 directories [REJECTED]148-uniform-client-end-reason.txt
: Stream end reasons from the client side should be uniform [CLOSED]149-using-netinfo-data.txt
: Using data from NETINFO cells [SUPERSEDED]150-exclude-exit-nodes.txt
: Exclude Exit Nodes from a circuit [CLOSED]151-path-selection-improvements.txt
: Improving Tor Path Selection [CLOSED]152-single-hop-circuits.txt
: Optionally allow exit from single-hop circuits [CLOSED]153-automatic-software-update-protocol.txt
: Automatic software update protocol [SUPERSEDED]154-automatic-updates.txt
: Automatic Software Update Protocol [SUPERSEDED]155-four-hidden-service-improvements.txt
: Four Improvements of Hidden Service Performance [CLOSED]156-tracking-blocked-ports.txt
: Tracking blocked ports on the client side [SUPERSEDED]157-specific-cert-download.txt
: Make certificate downloads specific [CLOSED]158-microdescriptors.txt
: Clients download consensus + microdescriptors [CLOSED]159-exit-scanning.txt
: Exit Scanning [INFORMATIONAL]160-bandwidth-offset.txt
: Authorities vote for bandwidth offsets in consensus [CLOSED]161-computing-bandwidth-adjustments.txt
: Computing Bandwidth Adjustments [CLOSED]162-consensus-flavors.txt
: Publish the consensus in multiple flavors [CLOSED]163-detecting-clients.txt
: Detecting whether a connection comes from a client [SUPERSEDED]164-reporting-server-status.txt
: Reporting the status of server votes [OBSOLETE]165-simple-robust-voting.txt
: Easy migration for voting authority sets [REJECTED]166-statistics-extra-info-docs.txt
: Including Network Statistics in Extra-Info Documents [CLOSED]167-params-in-consensus.txt
: Vote on network parameters in consensus [CLOSED]168-reduce-circwindow.txt
: Reduce default circuit window [REJECTED]169-eliminating-renegotiation.txt
: Eliminate TLS renegotiation for the Tor connection handshake [SUPERSEDED]170-user-path-config.txt
: Configuration options regarding circuit building [SUPERSEDED]171-separate-streams.txt
: Separate streams across circuits by connection metadata [CLOSED]172-circ-getinfo-option.txt
: GETINFO controller option for circuit information [RESERVE]173-getinfo-option-expansion.txt
: GETINFO Option Expansion [OBSOLETE]174-optimistic-data-server.txt
: Optimistic Data for Tor: Server Side [CLOSED]175-automatic-node-promotion.txt
: Automatically promoting Tor clients to nodes [REJECTED]176-revising-handshake.txt
: Proposed version-3 link handshake for Tor [CLOSED]177-flag-abstention.txt
: Abstaining from votes on individual flags [RESERVE]178-param-voting.txt
: Require majority of authorities to vote for consensus parameters [CLOSED]179-TLS-cert-and-parameter-normalization.txt
: TLS certificate and parameter normalization [CLOSED]180-pluggable-transport.txt
: Pluggable transports for circumvention [CLOSED]181-optimistic-data-client.txt
: Optimistic Data for Tor: Client Side [CLOSED]182-creditbucket.txt
: Credit Bucket [OBSOLETE]183-refillintervals.txt
: Refill Intervals [CLOSED]184-v3-link-protocol.txt
: Miscellaneous changes for a v3 Tor link protocol [CLOSED]185-dir-without-dirport.txt
: Directory caches without DirPort [SUPERSEDED]186-multiple-orports.txt
: Multiple addresses for one OR or bridge [CLOSED]187-allow-client-auth.txt
: Reserve a cell type to allow client authorization [CLOSED]188-bridge-guards.txt
: Bridge Guards and other anti-enumeration defenses [RESERVE]189-authorize-cell.txt
: AUTHORIZE and AUTHORIZED cells [OBSOLETE]190-shared-secret-bridge-authorization.txt
: Bridge Client Authorization Based on a Shared Secret [OBSOLETE]191-mitm-bridge-detection-resistance.txt
: Bridge Detection Resistance against MITM-capable Adversaries [OBSOLETE]192-store-bridge-information.txt
: Automatically retrieve and store information about bridges [OBSOLETE]193-safe-cookie-authentication.txt
: Safe cookie authentication for Tor controllers [CLOSED]194-mnemonic-urls.txt
: Mnemonic .onion URLs [SUPERSEDED]195-TLS-normalization-for-024.txt
: TLS certificate normalization for Tor 0.2.4.x [DEAD]196-transport-control-ports.txt
: Extended ORPort and TransportControlPort [CLOSED]197-postmessage-ipc.txt
: Message-based Inter-Controller IPC Channel [REJECTED]198-restore-clienthello-semantics.txt
: Restore semantics of TLS ClientHello [CLOSED]199-bridgefinder-integration.txt
: Integration of BridgeFinder and BridgeFinderHelper [OBSOLETE]200-new-create-and-extend-cells.txt
: Adding new, extensible CREATE, EXTEND, and related cells [CLOSED]201-bridge-v3-reqs-stats.txt
: Make bridges report statistics on daily v3 network status requests [RESERVE]202-improved-relay-crypto.txt
: Two improved relay encryption protocols for Tor cells [META]203-https-frontend.txt
: Avoiding censorship by impersonating an HTTPS server [OBSOLETE]204-hidserv-subdomains.txt
: Subdomain support for Hidden Service addresses [CLOSED]205-local-dnscache.txt
: Remove global client-side DNS caching [CLOSED]206-directory-sources.txt
: Preconfigured directory sources for bootstrapping [CLOSED]207-directory-guards.txt
: Directory guards [CLOSED]208-ipv6-exits-redux.txt
: IPv6 Exits Redux [CLOSED]209-path-bias-tuning.txt
: Tuning the Parameters for the Path Bias Defense [OBSOLETE]210-faster-headless-consensus-bootstrap.txt
: Faster Headless Consensus Bootstrapping [SUPERSEDED]211-mapaddress-tor-status.txt
: Internal Mapaddress for Tor Configuration Testing [RESERVE]212-using-old-consensus.txt
: Increase Acceptable Consensus Age [NEEDS-REVISION]213-remove-stream-sendmes.txt
: Remove stream-level sendmes from the design [DEAD]214-longer-circids.txt
: Allow 4-byte circuit IDs in a new link protocol [CLOSED]215-update-min-consensus-ver.txt
: Let the minimum consensus method change with time [CLOSED]216-ntor-handshake.txt
: Improved circuit-creation key exchange [CLOSED]217-ext-orport-auth.txt
: Tor Extended ORPort Authentication [CLOSED]218-usage-controller-events.txt
: Controller events to better understand connection/circuit usage [CLOSED]219-expanded-dns.txt
: Support for full DNS and DNSSEC resolution in Tor [NEEDS-REVISION]220-ecc-id-keys.txt
: Migrate server identity keys to Ed25519 [CLOSED]221-stop-using-create-fast.txt
: Stop using CREATE_FAST [CLOSED]222-remove-client-timestamps.txt
: Stop sending client timestamps [CLOSED]223-ace-handshake.txt
: Ace: Improved circuit-creation key exchange [RESERVE]224-rend-spec-ng.txt
: Next-Generation Hidden Services in Tor [CLOSED]225-strawman-shared-rand.txt
: Strawman proposal: commit-and-reveal shared rng [SUPERSEDED]226-bridgedb-database-improvements.txt
: "Scalability and Stability Improvements to BridgeDB: Switching to a Distributed Database System and RDBMS" [RESERVE]227-vote-on-package-fingerprints.txt
: Include package fingerprints in consensus documents [CLOSED]228-cross-certification-onionkeys.txt
: Cross-certifying identity keys with onion keys [CLOSED]229-further-socks5-extensions.txt
: Further SOCKS5 extensions [REJECTED]230-rsa1024-relay-id-migration.txt
: How to change RSA1024 relay identity keys [OBSOLETE]231-migrate-authority-rsa1024-ids.txt
: Migrating authority RSA1024 identity keys [OBSOLETE]232-pluggable-transports-through-proxy.txt
: Pluggable Transport through SOCKS proxy [CLOSED]233-quicken-tor2web-mode.txt
: Making Tor2Web mode faster [REJECTED]234-remittance-addresses.txt
: Adding remittance field to directory specification [REJECTED]235-kill-named-flag.txt
: Stop assigning (and eventually supporting) the Named flag [CLOSED]236-single-guard-node.txt
: The move to a single guard node [CLOSED]237-directory-servers-for-all.txt
: All relays are directory servers [CLOSED]238-hs-relay-stats.txt
: Better hidden service stats from Tor relays [CLOSED]239-consensus-hash-chaining.txt
: Consensus Hash Chaining [OPEN]240-auth-cert-revocation.txt
: Early signing key revocation for directory authorities [OPEN]241-suspicious-guard-turnover.txt
: Resisting guard-turnover attacks [REJECTED]242-better-families.txt
: Better performance and usability for the MyFamily option [SUPERSEDED]243-hsdir-flag-need-stable.txt
: Give out HSDir flag only to relays with Stable flag [CLOSED]244-use-rfc5705-for-tls-binding.txt
: Use RFC5705 Key Exporting in our AUTHENTICATE calls [CLOSED]245-tap-out.txt
: Deprecating and removing the TAP circuit extension protocol [SUPERSEDED]246-merge-hsdir-and-intro.txt
: Merging Hidden Service Directories and Introduction Points [REJECTED]247-hs-guard-discovery.txt
: Defending Against Guard Discovery Attacks using Vanguards [SUPERSEDED]248-removing-rsa-identities.txt
: Remove all RSA identity keys [NEEDS-REVISION]249-large-create-cells.txt
: Allow CREATE cells with >505 bytes of handshake data [SUPERSEDED]250-commit-reveal-consensus.txt
: Random Number Generation During Tor Voting [CLOSED]251-netflow-padding.txt
: Padding for netflow record resolution reduction [CLOSED]252-single-onion.txt
: Single Onion Services [SUPERSEDED]253-oob-hmac.txt
: Out of Band Circuit HMACs [DEAD]254-padding-negotiation.txt
: Padding Negotiation [CLOSED]255-hs-load-balancing.txt
: Controller features to allow for load-balancing hidden services [RESERVE]256-key-revocation.txt
: Key revocation for relays and authorities [RESERVE]257-hiding-authorities.txt
: Refactoring authorities and making them more isolated from the net [META]258-dirauth-dos.txt
: Denial-of-service resistance for directory authorities [DEAD]259-guard-selection.txt
: New Guard Selection Behaviour [OBSOLETE]260-rend-single-onion.txt
: Rendezvous Single Onion Services [FINISHED]261-aez-crypto.txt
: AEZ for relay cryptography [OBSOLETE]262-rekey-circuits.txt
: Re-keying live circuits with new cryptographic material [RESERVE]263-ntru-for-pq-handshake.txt
: Request to change key exchange protocol for handshake v1.2 [OBSOLETE]264-subprotocol-versions.txt
: Putting version numbers on the Tor subprotocols [CLOSED]265-load-balancing-with-overhead.txt
: Load Balancing with Overhead Parameters [OPEN]266-removing-current-obsolete-clients.txt
: Removing current obsolete clients from the Tor network [SUPERSEDED]267-tor-consensus-transparency.txt
: Tor Consensus Transparency [OPEN]268-guard-selection.txt
: New Guard Selection Behaviour [OBSOLETE]269-hybrid-handshake.txt
: Transitionally secure hybrid handshakes [NEEDS-REVISION]270-newhope-hybrid-handshake.txt
: RebelAlliance: A Post-Quantum Secure Hybrid Handshake Based on NewHope [OBSOLETE]271-another-guard-selection.txt
: Another algorithm for guard selection [CLOSED]272-valid-and-running-by-default.txt
: Listed routers should be Valid, Running, and treated as such [CLOSED]273-exit-relay-pinning.txt
: Exit relay pinning for web services [RESERVE]274-rotate-onion-keys-less.txt
: Rotate onion keys less frequently [CLOSED]275-md-published-time-is-silly.txt
: Stop including meaningful "published" time in microdescriptor consensus [CLOSED]276-lower-bw-granularity.txt
: Report bandwidth with lower granularity in consensus documents [DEAD]277-detect-id-sharing.txt
: Detect multiple relay instances running with same ID [OPEN]278-directory-compression-scheme-negotiation.txt
: Directory Compression Scheme Negotiation [CLOSED]279-naming-layer-api.txt
: A Name System API for Tor Onion Services [NEEDS-REVISION]280-privcount-in-tor.txt
: Privacy-Preserving Statistics with Privcount in Tor [SUPERSEDED]281-bulk-md-download.txt
: Downloading microdescriptors in bulk [RESERVE]282-remove-named-from-consensus.txt
: Remove "Named" and "Unnamed" handling from consensus voting [ACCEPTED]283-ipv6-in-micro-consensus.txt
: Move IPv6 ORPorts from microdescriptors to the microdesc consensus [CLOSED]284-hsv3-control-port.txt
: Hidden Service v3 Control Port [CLOSED]285-utf-8.txt
: Directory documents should be standardized as UTF-8 [ACCEPTED]286-hibernation-api.txt
: Controller APIs for hibernation access on mobile [REJECTED]287-reduce-lifetime.txt
: Reduce circuit lifetime without overloading the network [OPEN]288-privcount-with-shamir.txt
: Privacy-Preserving Statistics with Privcount in Tor (Shamir version) [RESERVE]289-authenticated-sendmes.txt
: Authenticating sendme cells to mitigate bandwidth attacks [CLOSED]290-deprecate-consensus-methods.txt
: Continuously update consensus methods [META]291-two-guard-nodes.txt
: The move to two guard nodes [FINISHED]292-mesh-vanguards.txt
: Mesh-based vanguards [CLOSED]293-know-when-to-publish.txt
: Other ways for relays to know when to publish [CLOSED]294-tls-1.3.txt
: TLS 1.3 Migration [DRAFT]295-relay-crypto-with-adl.txt
: Using ADL for relay cryptography (solving the crypto-tagging attack) [OPEN]296-expose-bandwidth-files.txt
: Have Directory Authorities expose raw bandwidth list files [CLOSED]297-safer-protover-shutdowns.txt
: Relaxing the protover-based shutdown rules [CLOSED]298-canonical-families.txt
: Putting family lines in canonical form [CLOSED]299-ip-failure-count.txt
: Preferring IPv4 or IPv6 based on IP Version Failure Count [SUPERSEDED]300-walking-onions.txt
: Walking Onions: Scaling and Saving Bandwidth [INFORMATIONAL]301-dont-vote-on-package-fingerprints.txt
: Don't include package fingerprints in consensus documents [CLOSED]302-padding-machines-for-onion-clients.txt
: Hiding onion service clients using padding [CLOSED]303-protover-removal-policy.txt
: When and how to remove support for protocol versions [OPEN]304-socks5-extending-hs-error-codes.txt
: Extending SOCKS5 Onion Service Error Codes [CLOSED]305-establish-intro-dos-defense-extention.txt
: ESTABLISH_INTRO Cell DoS Defense Extension [CLOSED]306-ipv6-happy-eyeballs.txt
: A Tor Implementation of IPv6 Happy Eyeballs [OPEN]307-onionbalance-v3.txt
: Onion Balance Support for Onion Service v3 [RESERVE]308-counter-galois-onion.txt
: Counter Galois Onion: A New Proposal for Forward-Secure Relay Cryptography [SUPERSEDED]309-optimistic-socks-in-tor.txt
: Optimistic SOCKS Data [OPEN]310-bandaid-on-guard-selection.txt
: Towards load-balancing in Prop 271 [CLOSED]311-relay-ipv6-reachability.txt
: Tor Relay IPv6 Reachability [ACCEPTED]312-relay-auto-ipv6-addr.txt
: Tor Relay Automatic IPv6 Address Discovery [ACCEPTED]313-relay-ipv6-stats.txt
: Tor Relay IPv6 Statistics [ACCEPTED]314-allow-markdown-proposals.md
: Allow Markdown for proposal format [CLOSED]315-update-dir-required-fields.txt
: Updating the list of fields required in directory documents [CLOSED]316-flashflow.md
: FlashFlow: A Secure Speed Test for Tor (Parent Proposal) [DRAFT]317-secure-dns-name-resolution.txt
: Improve security aspects of DNS name resolution [NEEDS-REVISION]318-limit-protovers.md
: Limit protover values to 0-63 [CLOSED]319-wide-everything.md
: RELAY_FRAGMENT cells [OBSOLETE]320-tap-out-again.md
: Removing TAP usage from v2 onion services [REJECTED]321-happy-families.md
: Better performance and usability for the MyFamily option (v2) [ACCEPTED]322-dirport-linkspec.md
: Extending link specifiers to include the directory port [OPEN]323-walking-onions-full.md
: Specification for Walking Onions [OPEN]324-rtt-congestion-control.txt
: RTT-based Congestion Control for Tor [FINISHED]325-packed-relay-cells.md
: Packed relay cells: saving space on small commands [OBSOLETE]326-tor-relay-well-known-uri-rfc8615.md
: The "tor-relay" Well-Known Resource Identifier [OPEN]327-pow-over-intro.txt
: A First Take at PoW Over Introduction Circuits [CLOSED]328-relay-overload-report.md
: Make Relays Report When They Are Overloaded [CLOSED]329-traffic-splitting.txt
: Overcoming Tor's Bottlenecks with Traffic Splitting [FINISHED]330-authority-contact.md
: Modernizing authority contact entries [OPEN]331-res-tokens-for-anti-dos.md
: Res tokens: Anonymous Credentials for Onion Service DoS Resilience [DRAFT]332-ntor-v3-with-extra-data.md
: Ntor protocol with extra data, version 3 [CLOSED]333-vanguards-lite.md
: Vanguards lite [CLOSED]334-middle-only-flag.txt
: A Directory Authority Flag To Mark Relays As Middle-only [SUPERSEDED]335-middle-only-redux.md
: An authority-only design for MiddleOnly [CLOSED]336-randomize-guard-retries.md
: Randomized schedule for guard retries [CLOSED]337-simpler-guard-usability.md
: A simpler way to decide, "Is this guard usable?" [CLOSED]338-netinfo-y2038.md
: Use an 8-byte timestamp in NETINFO cells [ACCEPTED]339-udp-over-tor.md
: UDP traffic over Tor [ACCEPTED]340-packed-and-fragmented.md
: Packed and fragmented relay messages [OPEN]341-better-oos.md
: A better algorithm for out-of-sockets eviction [OPEN]342-decouple-hs-interval.md
: Decoupling hs_interval and SRV lifetime [DRAFT]343-rend-caa.txt
: CAA Extensions for the Tor Rendezvous Specification [OPEN]344-protocol-info-leaks.txt
: Prioritizing Protocol Information Leaks in Tor [OPEN]345-specs-in-mdbook.md
: Migrating the tor specifications to mdbook [CLOSED]346-protovers-again.md
: Clarifying and extending the use of protocol versioning [OPEN]347-domain-separation.md
: Domain separation for certificate signing keys [OPEN]348-udp-app-support.md
: UDP Application Support in Tor [OPEN]349-command-state-validation.md
: Client-Side Command Acceptance Validation [DRAFT]350-remove-tap.md
: A phased plan to remove TAP onion keys [ACCEPTED]351-socks-auth-extensions.md
: Making SOCKS5 authentication extensions extensible [OPEN]