[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Hidden Service authorization UI

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Hidden Service authorization UI
From: Fabio Pietrosanti - lists <lists@xxxxxxxxxxxxxxx>
Date: Sun, 09 Nov 2014 21:30:46 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 09 Nov 2014 15:31:01 -0500
In-reply-to: <CAFggDF12eqBr51nS+HfnT-0TvQF2mme75qmADtxtCVs5FODi2A@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <87fvdszgg7.fsf@xxxxxxxxxx> <CAFggDF12eqBr51nS+HfnT-0TvQF2mme75qmADtxtCVs5FODi2A@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.2.0

On 11/9/14 8:58 PM, Jacob Appelbaum wrote:
>> For example, it would be interesting if TBB would allow people to
>> input a password/pubkey upon visiting a protected HS. Protected HSes
>> can be recognized by looking at the "authentication-required" field of
>> the HS descriptor. Typing your password on the browser is much more
>> useable than editing a config file.
> That sounds interesting.

Also i love this idea but i would suggest to preserve the copy&paste
self-authenticated URL property of TorHS, also in presence of authorization.

It could be done with a parameter in the URL
http://blahblah.onion/?authTorHBauBauMeowMeow=PASSWORD
Or it could be done with a URL handler httpA://PASSWORD@xxxxxxxxxxxxxx .

That way it will be possible to use such authenticated TorHS by
bookmarking an URL in TBB or by copy/pasting it from a password manager.

-- 
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org - http://ahmia.fi

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Hidden Service authorization UI
  - From: grarpamp
- Re: [tor-dev] Hidden Service authorization UI
  - From: Griffin Boyce

References:
- [tor-dev] Hidden Service authorization UI
  - From: George Kadianakis
- Re: [tor-dev] Hidden Service authorization UI
  - From: Jacob Appelbaum

Prev by Author: [tor-dev] botnets+tor
Next by Author: Re: [tor-dev] Stormy - request for feedback
Previous by thread: Re: [tor-dev] Hidden Service authorization UI
Next by thread: Re: [tor-dev] Hidden Service authorization UI
Index(es):
- Author
- Thread