[tor-bugs] #15588 [Tor]: Allow client authorization on control port ADD_ONION services

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 14 04:22:03 UTC 2015


#15588: Allow client authorization on control port ADD_ONION services
-----------------------------+-------------------------------------------
     Reporter:  special      |      Owner:  special
         Type:  enhancement  |     Status:  needs_review
     Priority:  normal       |  Milestone:  Tor: 0.2.7.x-final
    Component:  Tor          |    Version:
   Resolution:               |   Keywords:  hidden-service control tor-hs
Actual Points:               |  Parent ID:  #8993
       Points:               |
-----------------------------+-------------------------------------------
Changes (by special):

 * status:  new => needs_review


Old description:

> We should extend the control port ADD_ONION command from #6411 to support
> HS client authorization. This would be useful to Ricochet, and probably
> other projects.
>
> It's also more important to allow changing an existing service when we
> might want to add or remove authorized clients, so an UPDATE_ONION
> command would be useful and probably not difficult.
>
> I'd like to see this done before 0.2.7 is final, so I'm going to look
> into it. I've started on the specification at:
>
> https://github.com/special/torspec/compare/feature6411_v2...onion-client-auth

New description:

 We should extend the control port ADD_ONION command from #6411 to support
 HS client authorization. This would be useful to Ricochet, and probably
 other projects.

 It's also more important to allow changing an existing service when we
 might want to add or remove authorized clients, so an UPDATE_ONION command
 would be useful and probably not difficult.

 I'd like to see this done before 0.2.7 is final, so I'm going to look into
 it.

--

Comment:

 A specification and implementation for this are on my feature15588
 branches of torspec and tor:

 https://gitweb.torproject.org/user/special/torspec.git/log/?h=feature15588
 https://gitweb.torproject.org/user/special/tor.git/log/?h=feature15588

 This currently only implements the "basic" authorization method. "stealth"
 is slightly more complex, because it has a credential that is private to
 the service and one that is shared with the client.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15588#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

