[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal 351: Making SOCKS5 authentication extensions extensible

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Proposal 351: Making SOCKS5 authentication extensions extensible
From: Nick Mathewson <nickm@xxxxxxxxxxxxx>
Date: Tue, 10 Sep 2024 14:04:48 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 10 Sep 2024 14:05:24 -0400
In-reply-to: <CAMEWqGu1BrNF-WTm+-hpv5Mns7jTb-QYa0hU2W_Z8vwU-iA+zw@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAKDKvuwj-DCHuO5M5tK2eO4i1jjrsrotY4iuH5ufJMQtMRWFDA@mail.gmail.com> <CAMEWqGu1BrNF-WTm+-hpv5Mns7jTb-QYa0hU2W_Z8vwU-iA+zw@mail.gmail.com>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On Tue, Sep 10, 2024 at 9:25 AM Q Misell via tor-dev
<tor-dev@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> Is there a reason why this proposal extends the existing username/password auth, instead of defining a new SOCKS5 authentication type? c.f. https://datatracker.ietf.org/doc/html/rfc1928#section-3

Indeed there is!  The one I was thinking of the most is this:

"Our use of SOCKS5 Username/Passwords here (as opposed to some other,
new authentication type) is based on the observation that many
existing SOCKS5 implementations support Username/Password, but
comparatively few support arbitrary plug-in authentication."

In other words, almost any application that has a working SOCKS5
library can use this system, whereas if we were to define a new
authentication type, nearly every application would need to patch
their SOCKS5 library, since most SOCKS5 libraries don't let you define
new authentication types.

This wouldn't be so bad for applications that implement SOCKS5
themselves, of course.

--
Nick
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] Proposal 351: Making SOCKS5 authentication extensions extensible
  - From: Nick Mathewson
- Re: [tor-dev] Proposal 351: Making SOCKS5 authentication extensions extensible
  - From: Q Misell via tor-dev

Prev by Author: Re: [tor-dev] Restricting SOCKS access now and later (was Re: Proposal 351: Making SOCKS5 authentication extensions extensible)
Next by Author: Re: [tor-dev] Proposal 351: Making SOCKS5 authentication extensions extensible
Previous by thread: Re: [tor-dev] Proposal 351: Making SOCKS5 authentication extensions extensible
Next by thread: Re: [tor-dev] Proposal 351: Making SOCKS5 authentication extensions extensible
Index(es):
- Author
- Thread