[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #20022 [Core Tor/Tor]: Tor should deprecate insecure cookie auth

Subject: Re: [tor-bugs] #20022 [Core Tor/Tor]: Tor should deprecate insecure cookie auth
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 30 Aug 2016 04:43:05 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 30 Aug 2016 00:43:19 -0400
In-reply-to: <043.26091d6d0d8c2a2eed5477a0d8480844@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.26091d6d0d8c2a2eed5477a0d8480844@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#20022: Tor should deprecate insecure cookie auth
--------------------------+---------------------
 Reporter:  dkg           |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+---------------------

Comment (by yawning):

 For what it's worth `bulb` (the Go controller library) doesn't support
 `COOKIE` at all, under the assumption that `"COOKIE" authentication
 exists, but anything modern supports "SAFECOOKIE".`.

 Any project that finds `SAFECOOKIE` hard to implement either should use
 library code that does it for them or be the target of merciless mockery.

 Somewhat orthogonal to this, the browser code's treatment of controller
 auth in general could be improved (eg: #16017).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20022#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #20022 [Core Tor/Tor]: Tor should deprecated insecure cookie auth
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #7085 [Applications/Tor Browser]: Integrate Cryptocat Browser Extension into Tor Browser
Next by Author: Re: [tor-bugs] #19528 [Applications/Tor Browser]: The build id stays the same with every Firefox update
Previous by thread: Re: [tor-bugs] #20022 [Core Tor/Tor]: Tor should deprecate insecure cookie auth
Next by thread: Re: [tor-bugs] #20022 [Core Tor/Tor]: Tor should deprecate insecure cookie auth
Index(es):
- Author
- Thread