[tor-bugs] #6060 [Tor Client]: add http proxy support to Tor
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Sep 26 01:44:55 UTC 2012
#6060: add http proxy support to Tor
-------------------------+--------------------------------------------------
Reporter: proper | Owner: arma
Type: enhancement | Status: assigned
Priority: normal | Milestone: Tor: very long term
Component: Tor Client | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by nickm):
Replying to [comment:26 ioerror]:
> Replying to [comment:23 nickm]:
> > Replying to [comment:16 ioerror]:
> > > Replying to [comment:15 nickm]:
> > > > "Audit shim and bring it up-to-date" is a reasonable thing to do.
> > >
> > > I'm not sure what it needs - it compiles without warnings (yay) and
> > > it seems to function just as it should. It looks "finished" in as much as
> > > any C program. :)
> > >
> > > It does need compiler hardening and all that stuff added, of course.
> >
> > What it needs IMO is auditing for security and standards compliance.
>
> Ok - I think both of those are reasonable. What is the absolute
> canonical git repo? Is it yours?
There is none; mine is the closest there is.
> If so, I'd be willing to perform both of those audits. I would like some
> guidance of which standards matter to us and what specific security issues
> that concern us.
Well, if it's going to claim to be an HTTP proxy, it should implement some
version of HTTP. Probably 1.1?
I don't know which specific security issues most affect http proxies.
[...]
> Any requirements of such a thing - regardless of where we put it - I'm
> open to considering and trying to resolve.
>
> >
> > > > Somebody would need to take on the responsibility of being shim
> > > > maintainer. I don't know that shipping shim by default would make sense.
> > >
> > > The open question for me is - "what would it take to make an HTTP
> > > proxy port a Tor configuration line as we have with SOCKSPort?"
> >
> > For me, that's not a goal. Tor is not an all-singing all-dancing
> > all-purpose application launcher, nor do I want to push '''more''' code into
> > the main Tor process. I'd like us to move in the direction of moving
> > functionality ''out'' of Tor.
> >
>
> Ok, I think our goals aren't so different here. I don't want a full HTTP
> proxy with caching - I want the most minimal thing that will help reduce
> harm for our users. I think there is a balance to be struck and that is
> what happened with DNSPort - it is a minimal thing that at least gives
> '''some''' of the features that our users need. It has been extremely
> handy, even if imperfect or limited; it isn't standards compliant but holy
> cow, it is useful!
>
> I am hoping to solve this with a clean design in #6948 - so I totally
> hear you. I'm '''also''' in favor of that as a reality, sooner rather than
> later. If we can solve #6948, I would say we could break out each of these
> things quite nicely and move more and more code out of Tor proper. I am
> totally a fan of that '''while''' also being concerned that we may not
> succeed anytime soon.
Is *that* what #6948 was about? I have no idea what a zygote is, or why
shared memory mutexes were something we needed, so I kinda assumed it was
an 'implementation technique' ticket, not a 'better architecture' ticket.
[...]
> Ok. That settles it, I guess. If both options are rejected, even as a
> thread that doesn't loop to a SocksPort, I'll continue with designs in
> #6948.
Well, nothing is ''settled'' -- I can be wrong, and I hope I can change my
mind if I am.
But I don't think I'm wrong here. HTTP is a very complex protocol, and I
think about 100% of what you'd need to do with an HTTP proxy can be done
out-of-process from Tor, as I understand it.
If the only argument against a separate proxy is "but then you would have
to run two programs", I don't think it's a great one, since having more
processes is the direction we should IMO be moving towards, for better
security and modularity.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6060#comment:28>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online