Re: Proposal: Hidden Service Authentication

[Robert Hogan <robert@xxxxxxxxxxxxxxx>]

On Wednesday 26 September 2007 15:20:29 Karsten Loesing wrote:
> Hi everyone,
>
> we would like to propose an extension of Tor hidden services towards
> providing authentication. This includes authentication at the hidden
> service and at introduction points, both either via password or
> public-key authentication.
>
> This gives us the new security property of access control, improves
> hiding service activity from unauthorized clients, and reduces traffic
> by dropping false requests as soon as possible.
>
> Comments are welcome! :)
>
> --Tobias, Thomas, Karsten, Ferdinand, and Christoph

I think I can see how tor might manage all this stuff in a fairly transparent 
way but it would be useful to be explicit about what input tor needs from the 
user during the authentication and when/how it should be gathered.

For example, it's not clear to me how (or even if) the tor client gathers the 
password  from the user when connecting to a specific hidden service. Does 
the user specify it in their torrc for that hidden service?


-- 

Browse Anonymously Anywhere	- http://anonymityanywhere.com
TorK	- KDE Anonymity Manager	- http://tork.sf.net
KlamAV	- KDE Anti-Virus 	- http://www.klamav.net