On Tue, Sep 10, 2024 at 9:25 AM Q Misell via tor-dev tor-dev@lists.torproject.org wrote:
Is there a reason why this proposal extends the existing username/password auth, instead of defining a new SOCKS5 authentication type? c.f. https://datatracker.ietf.org/doc/html/rfc1928#section-3
Indeed there is! The one I was thinking of the most is this:
"Our use of SOCKS5 Username/Passwords here (as opposed to some other, new authentication type) is based on the observation that many existing SOCKS5 implementations support Username/Password, but comparatively few support arbitrary plug-in authentication."
In other words, almost any application that has a working SOCKS5 library can use this system, whereas if we were to define a new authentication type, nearly every application would need to patch their SOCKS5 library, since most SOCKS5 libraries don't let you define new authentication types.
This wouldn't be so bad for applications that implement SOCKS5 themselves, of course.
-- Nick