[tbb-bugs] #14389 [Applications/Tor Browser]: little-t-tor: Provide support for better TBB UI of hidden service client authorization
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Apr 18 10:47:59 UTC 2019
#14389: little-t-tor: Provide support for better TBB UI of hidden service client
authorization
-------------------------------------------------+-------------------------
Reporter: asn | Owner: tbb-
| team
Type: defect | Status:
| needs_revision
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tor-hs, tbb-usability, ux-team, hs- | Actual Points:
auth |
Parent ID: #30237 | Points:
Reviewer: | Sponsor:
| Sponsor27-must
-------------------------------------------------+-------------------------
Description changed by asn:
Old description:
> The current hidden service spec allows clients to authenticate themselves
> using auth-cookies. The future proposal 224 will allow clients to
> authenticate using username/password or pubkey.
>
> Currently users have to edit their torrc and add HidServAuth lines for
> the hidden services that require authorization. In the future, it would
> be nicer if TBB had an interface for users to type in their authorization
> credentials.
>
> Tor knows whether an HS needs authorization, because the intro list is
> encrypted. Tor would have to somehow transfer this knowledge to TBB, so
> that the browser can present a nice UI that the user can fill on the go.
>
> Furthermore, with the future username/password authorization and this UI
> improvement, it won't be necessary for people to write on their torrc
> which hidden services they visit and what's their auth-cookie.
>
> This is a ticket about finding out what mods need to happen in
> little-t-tor, and coordinating the development of this feature.
New description:
**This is the network-team-side of ticket #30237.
**
The current hidden service spec allows clients to authenticate themselves
using auth-cookies. The future proposal 224 will allow clients to
authenticate using username/password or pubkey.
Currently users have to edit their torrc and add HidServAuth lines for the
hidden services that require authorization. In the future, it would be
nicer if TBB had an interface for users to type in their authorization
credentials.
Tor knows whether an HS needs authorization, because the intro list is
encrypted. Tor would have to somehow transfer this knowledge to TBB, so
that the browser can present a nice UI that the user can fill on the go.
Furthermore, with the future username/password authorization and this UI
improvement, it won't be necessary for people to write on their torrc
which hidden services they visit and what's their auth-cookie.
This is a ticket about finding out what mods need to happen in
little-t-tor, and coordinating the development of this feature.
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14389#comment:37>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list