Re: [tor-bugs] #2553 [Tor Hidden Services]: tor2web mode for accessing hidden services

["Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>]

#2553: tor2web mode for accessing hidden services
---------------------------------+------------------------------------------
 Reporter:  arma                 |          Owner:  rransom     
     Type:  enhancement          |         Status:  needs_review
 Priority:  normal               |      Milestone:              
Component:  Tor Hidden Services  |        Version:              
 Keywords:                       |         Parent:  #2552       
   Points:                       |   Actualpoints:              
---------------------------------+------------------------------------------
Changes (by rransom):

 * cc: hellais (added)


Comment:

 Replying to [comment:7 nickm]:
 > I think I like it!
 >
 > Some code issues you shouldn't have to fix:
 >   * I find the more complicated asserts hard to read.  I'll refactor
 them if we merge, though; my confusion is my own problem.
 >   * directory_initiate_command_routerstatus_rend()'s interface  sure is
 hideous, isn't it? We should do something about that.  Not a problem
 introduced by this patch, though.
 >
 > Also, the security implications of having a "don't be anonymous" mode
 worry me some.  Can we do more to make sure that no user ever thinks that
 turning this on is a good idea?

 A warning-level log message at startup and/or whenever the configuration
 is modified/reloaded is probably appropriate.

 > The check in connection_ap_rewrite_and_attach is a good start, but I
 worry about accidentally breaking it later.  Can we have this whole
 feature be disabled unless the user supplies a compile-time option, for
 instance?

 Yes.  The best place to put a `#ifdef` is in `src/or/config.c`; it should
 require that Tor2webMode be unconfigured or off when the feature is not
 enabled at compile time, and it should require that Tor2webMode be
 explicitly turned on when the feature ''is'' enabled at compile time.
 (Otherwise distribution packages might turn the compile-time flag on for
 everyone, thus defeating its purpose.)

 > (Is there any reason not to do that?)

 I didn't do that because I don't understand GNU autotools.

 > Also, have the tor2web people tried this out?

 Yes.  I'm CC-ing hellais, who says that he has tested this branch.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2553#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs