This will let privacy-conscious users find out about P4 without revealing metadata while they do so.

txtorcon 18.3 makes non-anonymous ephemeral services available via endpoint description strings. Use this to re-enable this tor feature.

Processing time for N Sapling diversified addresses is supposedly roughly constant on N. This makes it appealing to use this kind of address for each subscription to avoid having the transaction processing cost grow with the number of active subscriptions.

As of the time of this issue, no API is available for working with Sapling diversified addresses so we are going to use "regular" Sapling addresses instead.

When such an API becomes available, we should switch to Sapling diversified addresses.

When a new subscription is created, create its Onion Service(s).

See #52

Each subscription needs its own private address(es) for the Tahoe-LAFS storage servers of the service. Generate the keys necessary for such address(es).

If a single onion service can forward multiple ports, it may be feasible to use a single service with different ports forwarding to different storage servers. If not, multiple services (thus multiple keys) may be required.

Generate them as part of subscription creation and persist them (see #51). Acting on them will be a separate task.

There are some Terraform and nixops commands. These tools are hinted at but we could provide a quickstart section in the README.

This might be useful for development purposes. Supposedly, NixOps makes this easy with its built-in VirtualBox features.

The website reachable via #8 and containing instructions from #9 will have a button that asks the backend to provision a subscription. Create the web side of this interaction so a button can be clicked and an invite code in a response is given to the person requesting the subscription.

nixops deploy ... re-uploads keys and restarts key services. Our Tor Hidden Service helper services restart when the key services restart. This destroys the existing hidden service descriptor and creates and uploads a new one. This introduces a long service interruption to the hidden services.

Remove this service interruption.

A new server was introduced for #11. It's in the repo but it doesn't get deployed. Update the nix deployment definition to run the server as an Onion Hidden Service.

This PR adds better ephemeral service support to txtorcon and will obsolete our txxonion code. Try it out to see if it works. If it does, we can switch to it once it is in a txtorcon release.

Describe how to sign up for S4 2.0 in the form of a web site.

The site will be served via #8

The plan is currently to use NixOps for S4 2.0. https://blog.wearewizards.io/how-to-use-nixops-in-a-team seems to have some ideas and opinions about practices for doing this in a team-friendly way. Read and understand it.

It is necessary for clients to access their Tahoe-LAFS services using Tor in order to preserve their privacy. If they fail to do so, network addressing information about them is revealed.

One approach here is to update our S4 configuration blob, currently (but not necessarily) transferred via magic-wormhole to be able to specify the client should turn on the --hide-ip option.

Another approach is to configure the S4 subscription's introducer and storage servers to only listen on onion addresses and only include such an address in the connection hints of their fURLs.

Maybe both of these would be good.

The first step in integrating payments with any kind of subscription management will be detecting payments on the blockchain.

With #1 in place, we will have a full node we can ask about transactions.

Create a service which watches for transactions to a specified set of addresses and sends the critical details of them onward to some other payment tracking service. Guarantee at-least-once delivery (or better 😉) so that no payments are missed by the downstream system.

Having upgraded to Zcash 2.0.1, it is now possible to work with (non-diversified) Sapling addresses. It should be less resource intensive to use these. Updated the (minimal) interaction the code currently has with such addresses to make sure they are Sapling addresses.

There is already a server which will accept HTTP requests to "create" new subscriptions. However, nothing is really created.

Create some real persistent state associated with the new subscription. Start with just a unique identifier but get it added to a persistent store, somehow.

All of the necessary fields to actually operate the service will come later.

This is necessary to process shielded transactions.

It is likely this will need to be upgraded to a Sapling full node once a Sapling-capable node is available. That effort will be tracked separately.

This node only needs to join the Zcash network and keep up to date with new blocks. It will need persistent storage so it can easily remain up-to-date even if restarted.

This node can also be on the testnet and be switched to mainnet later on.

When #49 is complete it will be possible to have a real Magic Wormhole conversation with the service.

Build on that by implementing negotiation for a P4 invoice and then send a real P4 invoice.

The Tahoe-LAFS configuration in the m field of the invoice need not be legitimate.

With #4 done, we will have a stream of payment information flowing. Create a service into which it can flow.

This service is responsible for a couple things, one of which is the maintenance of an existing subscription when a matching payment is detected.

It must be possible to associate this payment with an existing subscription. With Sapling diversified payment addresses, an option is for each subscription to receive its own payment address. Prior, an option is for the secure message field of the transaction to include a subscription identifier (returned previously alongside the other Tahoe-LAFS configuration data).

See also #5

When restarting the different servers involved, the services often don't re-appear at their Onion address. This makes the whole system unreliable. Figure out how to make the services reliable.

With #4 done, we will have a stream of payment information flowing. Create a service into which it can flow.

This service is responsible for a couple things, one of which is the creation of new subscriptions when a first payment is detected. Such a payment needs to receive a response containing the necessary subscription details (i.e., Tahoe-LAFS configuration).

Therefore, the initial payment must contain reverse addressing information of some sort. For example, a Zcash z address to which a zero-value transaction containing the information in the encrypted message field may be sent.

New subscriptions can be provisioned in the "subscription manager" service in the same way as web-based signup currently does.

See also #7

#10 will introduce a button on a web page. The button needs an endpoint to do the necessary work on the backend. Do it.

Create an endpoint where customers can retrieve their current and future invoices.

Figure out what a good way to do logging in Haskell is. Then add some logging to the code that's present already.

There are some automated tests in the repository now. Run them on a CI system.

Currently a hard-coded bogus code is given out. Give out a code that can actually be redeemed at wormhole.leastauthority.com instead. A real invoice need not come out of it when redeemed but something should come out of it.

Drag the low-level implementation details out to separate modules which can be invoked from s4.nix. Make s4.nix a nice high-level definition of coordination/orchestration using those other modules. Make reading s4.nix read like an overview of how the deployment works.

The node deployed in #1 will need need to be upgraded to be a Sapling node (Zcash 2.0.1 probably).

Several events may destroy the Tahoe-LAFS storage service onion services (those created as a result of #53).

This happens if the Tor daemon restarts, if the S4 daemon restarts, or if the connection between the two is lost for some reason.

Create them if they are missing.

Investigate how to run the Zcash full node with only the incoming viewing key (or does it need the full viewing key? What is the difference?). Specifically, it should run without the spending key so that if it is compromised funds cannot be transferred away.

Since the node will be deployed for #1 , a brand new wallet / new keys should be generated here and the old wallet / keys discarded (drained of funds first, if necessary) since they will not necessarily have been deployed in a way that keeps them safe from compromise.

Ideally the payment address would be a multisig address. However, Zcash does not yet support multisig shielded addresses. A fallback might be to manually apply Shamir's Secret Sharing to the spending key (from which all other keys are derived) and distribute the pieces accordingly. This introduces operational complexity and requires some kind of trusted set up and distribution, though.

It might be useful to have a dedicated node alongside other nodes in the deployment the purpose of which is developer support only.

To sign up, a user will navigate to a well-known Onion-address URL and click a button to receive an invite code.

Set up the necessary Tor node for operating such a site.