On Mon, 5 Aug 2019 at 18:33, Tom Ritter tom@ritter.vg wrote:
On Tue, 2 Jul 2019 at 09:23, Tom Ritter tom@ritter.vg wrote:
Or... something else? Very interested in what David/asn think since they worked on #30382 ...
I never updated this thread after discussing with people on irc.
So the SOCKS-error-code-for-an-Onion-Service-needs-auth implementation is done. David (if I'm summarizing correctly) felt that the SOCKS Error code approach may not be the best choice given our desire for optimistic data; but felt it was up to the Tor Browser team to decide.
In the goal of something that works for 90%+ of use cases today, the rest later, I'll propose the following:
In little-t tor, detect if we're connecting to an onion site, and if so do not early-report SOCKS connection.
Another ugly option is to early-report a successful SOCKS connection even for onion sites, and if we later receive an auth request, send an HTTP error code like 407 that we then detect over in the browser and use to prompt the user. I don't like this because it is considerably more work (I expect), horrible ugly layering violations, and I don't think it will work for https://onion links.
I attached an updated proposal taking this into account, and I'd like to request it be entered into torspec's proposals list.
-tom