[tor-bugs] #4700 [Core Tor/Tor]: Tor should provide a mechanism for hidden services to differentiate authorized clients and circuits

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Sep 18 13:08:54 UTC 2018 

#4700: Tor should provide a mechanism for hidden services to differentiate
authorized clients and circuits
-------------------------------------------------+-------------------------
 Reporter:  katmagic                             |          Owner:  (none)
     Type:  enhancement                          |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.5.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-control, needs-proposal, tor-    |  Actual Points:
  hs, needs-design, 035-roadmap-master           |
Parent ID:                                       |         Points:  10
 Reviewer:  dgoulet                              |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by nickm):

 * status:  merge_ready => needs_revision


Comment:

 Hi!  This patch looks good.

 Three things I think we should do here:
   * I think that the configuration option should accept "none" in addition
 to "haproxy".
   * We should link to the spec for this protocol, in the code and in the
 manual, and explain which version we support.
   * Are we exposing the 'global_identifier' field for an important reason,
 or is it just important that we expose _some_ unique value?  If it's the
 latter case, instead of putting the 'global_identifier' into the IPv6
 address and source port directly, I think we should hash them first,
 possibly with siphash.  It's not that these values are very sensitive, but
 I don't want anybody depending on the actual global_identifier layouts
 from Tor unless we're exposing them intentionally.  (But if we are
 exposing them intentionally, we should document that.)

 One thing for the future, or maybe I don't understand this:
   * Is there some intended way for programs to tell whether a user's
 circuit is authenticated, and if so to which user?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4700#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list