Rate limit RELAY_EARLY and TLS by IP
It is possible to execute an amplification attack on the Tor network and/or the directory authorities by launching many onionskin and tls attempts to each relay. These onion skins do not have to be valid, and can be replays: their only purpose would be to induce a relay to perform the PK step to attempt to decrypt them. Such an amplification attack can be used to consume all of the spare CPU of a relay.
One solution would be to rate limit RELAY_EARLY and TLS connections by IP address as opposed to by only circuit.
This ticket is meant as a place for the discussion for the creation of a proper Tor proposal for this behavior.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information