[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #15991 [Tor]: Option to skip authorization verification in INTRODUCE2 cell



#15991: Option to skip authorization verification in INTRODUCE2 cell
-------------------------+---------------------
 Reporter:  donncha      |          Owner:
     Type:  enhancement  |         Status:  new
 Priority:  normal       |      Milestone:
Component:  Tor          |        Version:
 Keywords:  hs           |  Actual Points:
Parent ID:               |         Points:
-------------------------+---------------------
 Tor clients include an authorization cookie in the INTRODUCE2 cell when
 accessing a hidden service configured with client authorization. The
 service verifies the INTRODUCE2 cells and denies request which don't
 include (a valid) authorization. I'd like to be able to use stealth
 authorization as a means of distributing introduction point information in
 a private way. I'd like for clients who eventually receive the decrypted
 introduction point data to be able to connect to the hidden service
 without needing to know the original authorization cookie.

 This would be useful in my Summer of Privacy project to distribute IP data
 in a private way while allowing clients to connect as normal (without
 authorization) to a published descriptor containing those introduction
 points.

 I can also see a use case situation where a service would like to
 distribute stealth authorization introduction points to a client outside
 of the HSDir system by using some other form of client authorization (web
 of trust, captcha, etc.).

 I'd propose a 'HiddenServiceNoAuthorizationVerify' option to allow service
 operators to disable authorization verification of a per service basis. I
 think Tor should provide a suitable warning on start up to ensure
 operators are aware of the potential consequences of enabling the option.

     HiddenServiceDir /var/lib/tor/hidden_service/
     HiddenServicePort 80 127.0.0.1:80
     HiddenServiceAuthorizeClient stealth user
     HiddenServiceNoAuthorizationVerify 0

 If people think this option is a reasonable idea, I can start writing a
 patch for the feature.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15991>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs