[tor-bugs] #34362 [Applications/Tor Browser]: Improve Onion Service Authentication prompt

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#34362: Improve Onion Service Authentication prompt
------------------------------------------+----------------------------
     Reporter:  sysrqb                    |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  tbb-9.5-issues
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------------
 https://blog.torproject.org/comment/288030#comment-288030

 pastly commented that the current phrasing implies Tor Browser will send
 the private key to the onion service (because the onion service "requested
 it").

 pastly, subsequently, suggested something like "foo.onion requires you to
 authenticate. Please enter the private key for your identity with this
 onion service".

 The message should imply that the private key is needed for
 authentication, but the key is only used locally to prove possession of it
 (via crypto magic), and the key is not actually sent to the onion service.

 Related: #30237

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/34362>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs