[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #6383 [Flashproxy]: Email registration helper
#6383: Email registration helper
------------------------+---------------------------------------------------
Reporter: dcf | Owner: dcf
Type: defect | Status: new
Priority: normal | Milestone:
Component: Flashproxy | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Make a {{{flashproxy-reg-email}}} program.
My proposed idea for this: Make an SSL connection to smtp.gmail.com:587.
Verify the certificate using the same pinned certificate used by Chromium
from
https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state_static.certs?view=markup
(I think the order of that file is the same as {{{enum
SecondLevelDomainName}}} in
https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc?view=markup).
Encrypt the message body (containing the client IP address and port) using
a public key generated specifically for this registration method. A
backend program retrieves and decrypts the messages and sends them to the
facilitator.
Most people probably use Gmail using a browser rather than STMP, so this
may be conspicuous. I wouldn't want to take a chance of using a browser
and possibly someone's identifiable cookies. Another possibility is for
users to send their client registration using plaintext, manually with
their own email client. But this has the big downsides of allowing Google
to see all the registrations, and also we don't want to know people's
email addresses.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6383>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs