Re: [tor-bugs] #30382 [Core Tor/Tor]: Provide control port event for when we are missing v3 client auth for an onion

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#30382: Provide control port event for when we are missing v3 client auth for an
onion
-------------------------------------------------+-------------------------
 Reporter:  asn                                  |          Owner:  dgoulet
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.4.2.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-hs, tbb-usability, hs-auth,      |  Actual Points:
  network-team-roadmap-2019-Q1Q2, tor-spec       |
Parent ID:  #14389                               |         Points:  6
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor27-must
-------------------------------------------------+-------------------------

Comment (by dgoulet):

 Replying to [comment:12 mcs]:
 > Replying to [comment:11 dgoulet]:
 > > In my torspec repo:
 https://git.torproject.org/user/dgoulet/torspec.git
 > >
 > > Branch: `ticket30382_01`
 > >
 > > I think there are too many codes there for what we need here but I
 wanted to at least get the basic errors implemented as well. The last two
 are the one TB needs for this.
 >
 > Kathy and I think the proposal looks good. Just a couple of comments:
 > - I had trouble understanding the note near the beginning. Maybe reword
 to: "When Tor Browser supports HTTPCONNECT, we plan to stop using these
 SOCKS5 extensions."

 Was mostly a "future warning" for us to only extend SOCKS5 error code
 because it is a "bandaid" and ultimately `HTTPCONNECT` is the way forward.
 I'll rephrase.

 > - Regarding compatibility, it seems like it would be safer for tor to
 not emit these new error codes unless enabled via a config option (maybe a
 SocksPort flag). Otherwise, non Tor Browser clients that use the SocksPort
 may be unhappy. Or maybe enable by default but provide an "escape hatch"
 that allows them to be disabled somehow.

 Hmmm `SocksPort` flag could be an option. The other way is to create a new
 authentication method like prop229 does and thus the new error code are
 only returned if TB authenticated with this method. Former is simple,
 later is more involving but probably more portable for future compat?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30382#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs