[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal xxx: Safe cookie authentication

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Proposal xxx: Safe cookie authentication
From: Damian Johnson <atagar1@xxxxxxxxx>
Date: Mon, 6 Feb 2012 12:59:08 -0800
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 06 Feb 2012 15:59:21 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; bh=8Tsun47YWvo5Kc3M/sJbJXJtHGk91m8HeNfIuRrMGJk=; b=TMofOTeEWg2WdlIcp2mI0d+/aKZQLXZurwQ2FNKkGXh6hQxxWHv+tU1CDmc4bf7769 TQvqX2s36dVpBjaqq/qE74nIg+8FJHccR9AnKzq/kEDqz0ufAmIaYUqQfHjHziKVN2bh yvxj0mfTf3kxPOIMSmSkGw9Q6p6nbFT+QMAG4=
In-reply-to: <CABqy+sqV+nCpTVDbH-2Nd0edpOhJJ73FKOfDghm=GHMbUEdVdQ@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for discussion by the developers of Tor." <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CABqy+soHR0KUG9JFPsf+ewj+222-5fOQgHJEF_NVAwFf6+ZSDw@xxxxxxxxxxxxxx> <CABqy+sqV+nCpTVDbH-2Nd0edpOhJJ73FKOfDghm=GHMbUEdVdQ@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx

> See branch safecookie of
> https://gitweb.torproject.org/rransom/torspec.git for a revised ‘safe
> cookie authentication’ protocol

The spec still doesn't look reader friendly but guess we won't be
expecting too many clients to implement this. One other note is that
keywords like 'must' should be capitalized similar to other parts of
the spec.

> This needs testing
> and a backport, and a few Trac tickets.

We could save some work by writing a handler for this in stem.
Currently when you run...

git clone git://git.torproject.org/stem.git
./stem/run_tests.py --integ --target RUN_ALL --tor /path/to/your/tor

You'll exercise all of the connection and authentication use cases
within around a minute, including...
* no control port or socket
* control port
* control socket
* no auth
* password auth
* cookie auth
* multiple auth methods

This will confirm that you aren't inadvertently breaking something
else. Then if we add the safe cookie handshake and integ test it'll be
easier for you to test this change as it's developed (test runs with a
single target take around eight seconds). I'd be happy to help if you
can get just about any python snippet correctly authenticating to your
feature.

Cheers! -Damian
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] Proposal xxx: Safe cookie authentication
  - From: Robert Ransom
- Re: [tor-dev] Proposal xxx: Safe cookie authentication
  - From: Robert Ransom

Prev by Author: Re: [tor-dev] Proposal xxx: Safe cookie authentication
Next by Author: Re: [tor-dev] Proposal xxx: Safe cookie authentication
Previous by thread: Re: [tor-dev] Proposal xxx: Safe cookie authentication
Next by thread: Re: [tor-dev] Proposal xxx: Safe cookie authentication
Index(es):
- Author
- Thread