Should we put unused pieces of tor-cell behind feature flags?
In #125 (closed), we scanned the crates for unused code, and put it behind feature flags... except in one major case:
In the tor-cell crate, we still have parsing code for cells that no client should ever receive (like EXTEND), and encoding code for cells that no client will ever send (like CREATED).
If we were to remove encoding support for cells that clients don't need to send, we'd need to break our current abstraction, which says that every cell type that we can parse, we can also encode. That would take some refactoring.
If we were to remove decoding support for cells that clients should always reject, we would risk a probing attack, where an adversary sends (say) an unexpected EXTEND cell on a circuit and somehow detects whether it was rejected because parsing support is absent or because the circuit was constructed in the wrong direction. (That would leak whether the circuit was opened by a client or a relay.) To close that gap, we would need to make sure that a cell's type is always checked for suitability before its contents are parsed.
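As an added sketch (not tor-cell's code) of the check-before-parse ordering described above: the enum names, the command codes and the `client_only_build` flag are hypothetical stand-ins for the real cell commands and a feature flag.

```rust
/// Which side opened the circuit the cell arrived on.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum CircuitOrigin { Client, Relay }

/// Observable outcome of handling a cell.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum Outcome { Accepted, WrongDirection, Unparseable }

// Hypothetical command codes standing in for real relay-cell commands.
pub const CMD_DATA: u8 = 2;
pub const CMD_EXTEND: u8 = 6;

/// Policy check: a client-opened circuit must never accept EXTEND.
fn suitable(origin: CircuitOrigin, cmd: u8) -> bool {
    !(origin == CircuitOrigin::Client && cmd == CMD_EXTEND)
}

/// Stand-in for a feature flag: a client-only build has no EXTEND parser.
fn parser_present(client_only_build: bool, cmd: u8) -> bool {
    !(client_only_build && cmd == CMD_EXTEND)
}

/// Parse first, then check suitability. The rejection reason depends on the
/// build, so an observer can tell a client-only build from a relay build.
pub fn handle_parse_first(client_only_build: bool, origin: CircuitOrigin, cmd: u8) -> Outcome {
    if !parser_present(client_only_build, cmd) { return Outcome::Unparseable; }
    if !suitable(origin, cmd) { return Outcome::WrongDirection; }
    Outcome::Accepted
}

/// Check suitability before touching the parser. An unsuitable cell is
/// rejected identically whether or not its parser was compiled in.
pub fn handle_check_first(client_only_build: bool, origin: CircuitOrigin, cmd: u8) -> Outcome {
    if !suitable(origin, cmd) { return Outcome::WrongDirection; }
    if !parser_present(client_only_build, cmd) { return Outcome::Unparseable; }
    Outcome::Accepted
}

fn main() {
    // Same EXTEND cell on a client-opened circuit, as seen by two builds.
    let leaky = (handle_parse_first(true, CircuitOrigin::Client, CMD_EXTEND),
                 handle_parse_first(false, CircuitOrigin::Client, CMD_EXTEND));
    let safe = (handle_check_first(true, CircuitOrigin::Client, CMD_EXTEND),
                handle_check_first(false, CircuitOrigin::Client, CMD_EXTEND));
    println!("parse-first: client build {:?}, relay build {:?}", leaky.0, leaky.1);
    println!("check-first: client build {:?}, relay build {:?}", safe.0, safe.1);
}
```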
Why might we want to go forward with this work anyway, despite the refactoring? Because it's good to avoid shipping code that we don't need, and because compiling out code could (in theory) reduce the attack surface that we expose on clients.
I am not 100% sure to what extent this is a good idea, but it is larger in scope than #125 (closed), so I'm giving it its own ticket.