Define a "redactable" trait, and use it when logging guard info (!882) · Merge requests · The Tor Project / Core / Arti

Nick Mathewson requested to merge nickm/arti:redacted into main Nov 21, 2022

This provides a better solution for #627 (closed), and may be the basis of #556 (closed).

Concernts:

I'm not sure I like how it looks next to our our sensitive APIs.
It does tend to require a bunch of intermediary implementations, whereas sensitive doesn't.
I still have the concerns from #627 (closed) that logging 2 bytes per guard may be too much under some circumstances.
I'm not sure that the debug variant is necessary; maybe calling Debug on a Redacted should just call Display and wrap the result as an escaped string.

Assigning review to @Diziet based on earlier comments on #627 (closed), but I wouldn't mind feedback from eta too about design here.

Define a "redactable" trait, and use it when logging guard info