[tor-bugs] #6383 [Flashproxy]: Email registration helper
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Jul 13 09:09:01 UTC 2012
#6383: Email registration helper
------------------------+---------------------------------------------------
Reporter: dcf | Owner: dcf
Type: defect | Status: new
Priority: normal | Milestone:
Component: Flashproxy | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Make a {{{flashproxy-reg-email}}} program.
My proposed idea for this: Make an SSL connection to smtp.gmail.com:587.
Verify the certificate using the same pinned certificate used by Chromium
from
https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state_static.certs?view=markup
(I think the order of that file is the same as {{{enum
SecondLevelDomainName}}} in
https://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state.cc?view=markup).
Encrypt the message body (containing the client IP address and port) using
a public key generated specifically for this registration method. A
backend program retrieves and decrypts the messages and sends them to the
facilitator.
Most people probably use Gmail using a browser rather than STMP, so this
may be conspicuous. I wouldn't want to take a chance of using a browser
and possibly someone's identifiable cookies. Another possibility is for
users to send their client registration using plaintext, manually with
their own email client. But this has the big downsides of allowing Google
to see all the registrations, and also we don't want to know people's
email addresses.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6383>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list