[tor-bugs] #15991 [Tor]: Option to skip authorization verification in INTRODUCE2 cell

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon May 11 14:19:50 UTC 2015


#15991: Option to skip authorization verification in INTRODUCE2 cell
-------------------------+---------------------
 Reporter:  donncha      |          Owner:
     Type:  enhancement  |         Status:  new
 Priority:  normal       |      Milestone:
Component:  Tor          |        Version:
 Keywords:  hs           |  Actual Points:
Parent ID:               |         Points:
-------------------------+---------------------
 Tor clients include an authorization cookie in the INTRODUCE2 cell when
 accessing a hidden service configured with client authorization. The
 service verifies the INTRODUCE2 cells and denies requests which don't
 include (a valid) authorization. I'd like to be able to use stealth
 authorization as a means of distributing introduction point information in
 a private way. I'd like for clients who eventually receive the decrypted
 introduction point data to be able to connect to the hidden service
 without needing to know the original authorization cookie.

 This would be useful in my Summer of Privacy project to distribute IP data
 in a private way while allowing clients to connect as normal (without
 authorization) to a published descriptor containing those introduction
 points.

 I can also see a use case situation where a service would like to
 distribute stealth authorization introduction points to a client outside
 of the HSDir system by using some other form of client authorization (web
 of trust, captcha, etc.).

 I'd propose a 'HiddenServiceNoAuthorizationVerify' option to allow service
 operators to disable authorization verification on a per-service basis. I
 think Tor should provide a suitable warning on start up to ensure
 operators are aware of the potential consequences of enabling the option.

     HiddenServiceDir /var/lib/tor/hidden_service/
     HiddenServicePort 80 127.0.0.1:80
     HiddenServiceAuthorizeClient stealth user
     HiddenServiceNoAuthorizationVerify 0

 If people think this option is a reasonable idea, I can start writing a
 patch for the feature.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15991>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online