[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #7098 [Tor]: Add safe-cookie authentication to Extended ORPort and TransportControlPort
#7098: Add safe-cookie authentication to Extended ORPort and TransportControlPort
------------------------+---------------------------------------------------
Reporter: asn | Owner:
Type: defect | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Keywords: tor-bridge | Parent: #4773
Points: | Actualpoints:
------------------------+---------------------------------------------------
Changes (by nickm):
* status: new => needs_review
Comment:
Replying to [comment:9 asn]:
> See branch `bug7098_draft` in
`https://git.torproject.org/user/asn/torspec.git` for an early-draft of
the proposal. Do you like the general direction of the protocol?
I don't think the version negotiation works. What is the client supposed
to do if it sees a version it doesn't recognize, or an authentication
means that it doesn't support? What if the server supports multiple
versions/authenticators? Other than that, looks sane. Also, it should
specify how the client finds out the cookie; that was a world of trouble
in the earlier control protocol things.
"Tor Port Guardian" is a bit silly as a name. We already have "Guards";
let's not confuse people. How about just "Tor Extended ORPort
Authentication" ?
The cookie file should have have 32 fixed bytes to start with, and then a
fixed-length cookie.
I really do want to know how the parent protocol specifies the file
location.
TOR_AUTH_PT_COOKIE should be TOR_AUTH_PT_COOKIE_FILE imo.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7098#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs