Re: [tor-bugs] #27953 [Core Tor/Tor]: Authorization types for v3 onion service have to be clarified in documentation
#27953: Authorization types for v3 onion service have to be clarified in
documentation
---------------------------------------+----------------------------------
Reporter: geoip | Owner: (none)
Type: defect | Status: reopened
Priority: Medium | Milestone: Tor: unspecified
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-spec, tor-hs, hs-auth | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
---------------------------------------+----------------------------------
Changes (by geoip):
* status: closed => reopened
* resolution: duplicate =>
* parent: #28026 =>
Comment:
Replying to [comment:4 teor]:
> If not, please re-open this ticket and let us know what the remaining
> issues are.
It is good that now we have CLIENT AUTHORIZATION section in man torrc, but
all other issues I reported in this ticket are still in place.
>> [TODO: Also specify stealth client authorization.].
> However, stealth auth is only used for v2 onion services. It should be
> fixed.
It is still in spec. It is still not stated to what HS type (v2 or v3 or
both) it is applicable. This "TODO" is still needed to be done, if stealth
auth is applicable to v3.
> According to teor's comment the following auth types were planned:
'descriptor', 'intro', and 'standard'. However, only 'descriptor' type is
documented by spec (man page for tor alpha refers to spec for details).
Other auth types are not documented at all, though spec gives a strong
impression that 'descriptor' is only one of possible authentication types.
How was it addressed? Can you give a clear and concise description of auth
types? Do you still plan to add other auth types? Are they needed? How
are they related to each other? It is not described anywhere.
It is good that man page now clearly states that "descriptor" is the only
supported type. But I'd like to see in spec or somewhere else also about
prospects concerning other auth types.
man torrc says
> Each file MUST contain one line only. Any malformed file will be
> ignored.
which is incompatible with spec (G.1.2, G.1.3):
> Tor SHOULD ignore lines it does not recognize.
> The third party tool SHOULD add appropriate headers to the private key
> file to ensure that users won't accidentally give out their private key.
As you see, headers should be supported, but ignored by tor. Instead, you
write in man torrc that only one line must be in auth file.
G.2.1:
> [XXX figure out control port command format]
Must be described.
In spec in G.2.2 the syntax of commands IMPORT_ONION_CLIENT_AUTH_DATA and
GENERATE_ONION_CLIENT_AUTH_DATA is not described. In control-spec they
are not described either. Are they implemented?
> [XXX what happens when people use both the control port interface and
> the filesystem interface?]
If even spec doesn't know how tor works, how can users know that?
I had to remove reference to parent ticket because I cannot reopen this
ticket with this reference.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27953#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
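
The mismatch between the two readings of the auth file quoted in this comment, shown as an added example (not part of the ticket and not tor's own code). It assumes a line format of `<auth-type>:<key-type>:<base32 key>` with `descriptor` and `x25519`; the function names, the sample key and the header line are constructed for illustration.

```python
import base64
import re

# Assumed line format (not quoted on this page):
#   descriptor:x25519:<52 base32 characters encoding a 32-byte key>
AUTH_LINE = re.compile(r"^descriptor:x25519:([A-Z2-7]{52})$", re.IGNORECASE)


def _key(line):
    """Return the 32-byte key carried by one line, or None if unrecognized."""
    m = AUTH_LINE.match(line.strip())
    if m is None:
        return None
    # 52 base32 characters need four '=' to reach a full 8-character group.
    return base64.b32decode(m.group(1).upper() + "====")


def parse_strict(text):
    """man torrc reading: exactly one line, otherwise the file is ignored."""
    lines = text.splitlines()
    return _key(lines[0]) if len(lines) == 1 else None


def parse_lenient(text):
    """Spec reading: lines that are not recognized are skipped.

    Rejecting a file with more than one key line is a choice made for
    this example; neither quoted text says what should happen then.
    """
    keys = [k for k in map(_key, text.splitlines()) if k is not None]
    return keys[0] if len(keys) == 1 else None


# Constructed sample data, not a real key.
KEY = bytes(range(32))
LINE = "descriptor:x25519:" + base64.b32encode(KEY).decode().rstrip("=")
WITH_HEADER = "# constructed header: keep this file private\n" + LINE + "\n"

if __name__ == "__main__":
    for name, text in (("one line", LINE + "\n"), ("with header", WITH_HEADER)):
        print(name, "strict:", parse_strict(text) is not None,
              "lenient:", parse_lenient(text) is not None)
```

A file carrying the header the spec asks third-party tools to add is accepted by the lenient parser and dropped by the strict one, so under the man page wording the authorization in that file would be ignored.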