On Sun, Nov 09, 2014 at 12:50:00PM +0000, George Kadianakis wrote:
> I suspect that HS authorization is very rare in the current network, and if we believe it's a useful tool, it might be worthwhile to make it more useable by people.
Yes, HS authorization is rare. It's rare enough that it was broken for a whole series of releases and no one noticed or complained. That sucks and it should be used more because it probably does help resist attacks for a large category of use cases.
> For example, it would be interesting if TBB would allow people to input a password/pubkey upon visiting a protected HS. Protected HSes can be recognized by looking at the "authentication-required" field of the HS descriptor. Typing your password on the browser is much more useable than editing a config file.
How would Tor Browser learn about this reason for not being able to connect / tell Tor the authentication info? This is starting to sound like wanting SOCKS5 extensions to indicate different causes for connection failures in #6031 did.