On Sun, Nov 09, 2014 at 09:16:40PM -0500, Griffin Boyce wrote: > On 2014-11-09 15:30, Fabio Pietrosanti - lists wrote: > >On 11/9/14 8:58 PM, Jacob Appelbaum wrote: > >>>For example, it would be interesting if TBB would allow people to > >>>input a password/pubkey upon visiting a protected HS. Protected HSes > >>>can be recognized by looking at the "authentication-required" > >>>field of > >>>the HS descriptor. Typing your password on the browser is much more > >>>useable than editing a config file. > >>That sounds interesting. > > > >Also i love this idea but i would suggest to preserve the copy&paste > >self-authenticated URL property of TorHS, also in presence of > >authorization. > > I'm conflicted about this idea. Much better for usability ~but~ > there should be an option for authenticated hidden services that > want to *not* prompt and instead fail silently if the key isn't in > the torrc (or x.y.onion url, depending on the design). > > Use case: if someone finds my hidden service url written in my > planner while traveling across the border, they might visit it to > see what it contains. If it offers a prompt, then they know it > exists and can press me for the auth key (perhaps with an M4 > carbine). If there's no prompt and the request fails, then perhaps > it "used to exist" a long time ago, or I wrote down an example URL. > > best, > Griffin I believe it's verifiable whether an authenticated HS exists anyway; you can get the descriptor, but the list of intro points is encrypted. -- Andrea Shepard <andrea@xxxxxxxxxxxxxx> PGP fingerprint (ECC): BDF5 F867 8A52 4E4A BECF DE79 A4FF BC34 F01D D536 PGP fingerprint (RSA): 3611 95A4 0740 ED1B 7EA5 DF7E 4191 13D9 D0CF BDA5
Attachment:
pgpksUBEdbyzC.pgp
Description: PGP signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev