[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #14389 [Tor]: Improve TBB UI of hidden service client authorization

Subject: Re: [tor-bugs] #14389 [Tor]: Improve TBB UI of hidden service client authorization
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 12 Mar 2015 22:01:18 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 12 Mar 2015 18:01:26 -0400
In-reply-to: <043.1dd682f2d236334148b3b827c20fc80a@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.1dd682f2d236334148b3b827c20fc80a@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#14389: Improve TBB UI of hidden service client authorization
------------------------+--------------------------
     Reporter:  asn     |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:  Tor: 0.2.???
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  tor-hs
Actual Points:          |  Parent ID:
       Points:          |
------------------------+--------------------------

Comment (by asn):

 So as I understand it, the idea here is:

 i. User visits protected onion through TBB.
 ii. Tor fetches the descriptor and learns its encrypted.
 iii. Tor asks TBB through the control port for the shared secret of this
 onion.
 iv. TBB presents user with an "enter your shared secret" dialog.
 v. User inputs secret, TBB passes secret back to Tor through control port.
 vi. Tor is now able to decrypt descriptor and continue connecting.

 This seems like it would require writing some control port functionality.
 And since I'm browser illiterate, I have no idea how easy it is to present
 such dialogs to the user, and whether they can be pinned down to a
 specific tab (so that the user knows which website is causing it).

 Another more pragmatic approach could be a menu that can be accessed by
 the TBB user at any time, where the user can put the onion address and the
 shared secret, and TBB will use that credential every time it encounters
 that onion address. In this case TBB could maybe just do `SETCONF
 HidServAuth` directly, without writing more control port functionality,
 but more thinking is needed.

 For further bikeshedding, maybe we could also have an option on whether
 the user wants to save the secret on disk.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14389#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #14389 [Tor]: Improve TBB UI of hidden service client authorization
Next by Author: Re: [tor-bugs] #15211 [Tor]: Audit all asserts to ensure they don't have side effects
Previous by thread: Re: [tor-bugs] #14389 [Tor]: Improve TBB UI of hidden service client authorization
Next by thread: Re: [tor-bugs] #14389 [Tor]: Improve TBB UI of hidden service client authorization
Index(es):
- Author
- Thread