[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Hidden Service authorization UI

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Hidden Service authorization UI
From: Nathan Freitas <nathan@xxxxxxxxxxx>
Date: Mon, 10 Nov 2014 08:47:43 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 10 Nov 2014 08:47:57 -0500
In-reply-to: <512753.55494436323938372d31343036383939313433@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <512753.55494436323938372d31343036383939313433@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <87fvdszgg7.fsf@xxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On Sun, Nov 9, 2014, at 07:50 AM, George Kadianakis wrote:
> Hidden Service authorization is a pretty obscure feature of HSes, that
> can be quite useful for small-to-medium HSes.
... 
> For example, it would be interesting if TBB would allow people to
> input a password/pubkey upon visiting a protected HS. Protected HSes
> can be recognized by looking at the "authentication-required" field of
> the HS descriptor. Typing your password on the browser is much more
> useable than editing a config file.

We have been working on implementing an OnionShare feature for Orbot, as
a plugin/add-on. Since the client and the server are both one simple
app, it seems like we could easily implement the HS Authorization
feature. Since the goal is to share a file with a small audience, the
second "client key" approach seems to be the best, most secure approach
to me.

Any thoughts?
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] Hidden Service authorization UI
  - From: George Kadianakis

Prev by Author: [tor-dev] sending command from Exit node to client
Next by Author: [tor-dev] Patch meeting today at 1700 UTC; one-time day change for tor dev meeting
Previous by thread: Re: [tor-dev] Hidden Service authorization UI
Next by thread: Re: [tor-dev] Hidden Service authorization UI
Index(es):
- Author
- Thread