[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #4700 [Core Tor/Tor]: Tor should provide a mechanism for hidden services to differentiate authorized clients and circuits
#4700: Tor should provide a mechanism for hidden services to differentiate
authorized clients and circuits
-------------------------------------------------+-------------------------
Reporter: katmagic | Owner: (none)
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor:
| unspecified
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-control, needs-proposal, tor-hs | Actual Points:
needs-design, 035-proposed |
Parent ID: | Points: 10
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by mahrud):
* cc: mahrud (added)
Comment:
Sorry I forgot to give any feedback for this. It worked well! At some
point in the future it might be a good idea to implement the v2 protocol
as well.
Regarding torrc options:
Can you also add an option for encoding the circuit ID in the port or in
the source IP?For our specific application using the last 32 bits of a
private ipv6 subnet (like fc00::/7) is ideal for two reasons:
1. This is a large private subnet, so we don't accidentally collide with
anyone else's IP.
2. The rest of the pipeline can simply look at that IP and pretend
everything is normal, no need to implement special logic to parse the port
numbers.
The only requirement is to implement a proxy protocol server in the normal
pipeline, which is already done.
Perhaps `HiddenServiceExportCircuitID proxy port` for ahf's implementation
and `proxy srcIP fdXX:XXXX:.../96` for my suggestion?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4700#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs