[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Hidden Service authorization UI



On Sun, Nov 09, 2014 at 12:50:00PM +0000, George Kadianakis wrote:
> I suspect that HS authorization is very rare in the current network,
> and if we believe it's a useful tool, it might be worthwhile to make
> it more useable by people.

Yes, HS authoritzation is rare.  It's rare enough that it was broken
for a whole series of releases and no one noticed or complained.  That
sucks and it should be used more because it probably does help resist
attacks for a large category of use cases.

> For example, it would be interesting if TBB would allow people to
> input a password/pubkey upon visiting a protected HS. Protected HSes
> can be recognized by looking at the "authentication-required" field of
> the HS descriptor. Typing your password on the browser is much more
> useable than editing a config file.

How would Tor Browser learn about this reason for not being able to connect/
tell Tor the authentication info?  This is starting to sound like wanting
SOCKS5 extensions to indicate different causes for connection failures in
#6031 did.

-- 
Andrea Shepard
<andrea@xxxxxxxxxxxxxx>
PGP fingerprint (ECC): BDF5 F867 8A52 4E4A BECF  DE79 A4FF BC34 F01D D536
PGP fingerprint (RSA): 3611 95A4 0740 ED1B 7EA5  DF7E 4191 13D9 D0CF BDA5

Attachment: pgpj0wo368pn1.pgp
Description: PGP signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev