[tbb-bugs] #30237 [Applications/Tor Browser]: Tor Browser: Improve TBB UI of hidden service client authorization

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu May 2 16:29:47 UTC 2019

#30237: Tor Browser: Improve TBB UI of hidden service client authorization
 Reporter:  asn                       |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  TorBrowserTeam201904      |  Actual Points:
Parent ID:  #30000                    |         Points:
 Reviewer:                            |        Sponsor:  Sponsor27-must

Comment (by asn):

 Replying to [comment:2 antonela]:
 > Following the specs, we don't have user/password, end-users just have a
 private key. So, I updated the first user story's UI.

 Looks good. Not sure how we can do better than "Private Key" but perhaps
 we should. Perhaps we can write "Personal key" or "key" and then have more
 info in a "?" box?
 No idea...

 > We should work on this validation. I made a first approach for this
 content, please feel free to suggest/add/remove any of this lines:
 > ||= Type =||= Error =||= UI Message =||
 > || User Input ||incomplete form|| Please, enter your private key ||
 > || User Input ||over/under character or word count|| Must have 52
 characters ||
 > || System Error ||misspelled errors|| The private key is wrong. Try
 again. ||
 > || System Error ||connectivity issues|| There was an error. Check your
 internet connection and try again. ||
 > || System Error ||failure to load|| There was an error handling your
 request. Try again. ||
 > Which else error scenario should we consider?

 The first two errors can indeed be detected and IMO should be detected.

 The `misspelled errors` can be detected (by checking whether we could
 decrypt the descriptor with the key), but depending on how communication
 channel between TB<->Tor works, we might not learn the result on time to
 keep the auth dialog open. So we would have to respawn the auth dialog to
 throw the error. Does this make sense, and is it ok?

 Same for `connectivity issues` and `failure to load` but perhaps this
 should be handled the same way as #30025?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30237#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list