Date: Mon, 4 May 2015 16:07:20 -0400
From: CJ Ess <zxcvbn4038@gmail.com>
Thanks for going into so much detail, you've given me a lot to think about.
The real solution is probably the one that nobody wants to take on - having
an application HTTP port that could take direct input from HTTP-aware stuff
and utilize a richer set of information than SOCKS allows for. I've spent a
couple evenings looking to see if I could take the code stuff from the
dirport and use it for that purpose. I need to spend another couple
evenings and go back and look at the SOCKS4 stuff, I've just recently
realized that the state machine for that is closer to an http
request/response.
CJ,
Pluggable transports are designed to arbitrarily change how tor makes outgoing connections. The existing transports are used for obfuscation, but they could be used for dynamic proxy authentication as well. (Some do take authentication arguments.)
You'd just have to work out which user to authenticate each tor connection with - which is a difficult question of policy. This arises because tor only makes a small number of long-term connections to a few guard nodes, and multiplexes multiple streams over these connections.