[tor-bugs] #34362 [Applications/Tor Browser]: Improve Onion Service Authentication prompt
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jun 2 17:43:28 UTC 2020
#34362: Improve Onion Service Authentication prompt
------------------------------------------+----------------------------
Reporter: sysrqb | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords: tbb-9.5-issues
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------------
https://blog.torproject.org/comment/288030#comment-288030
pastly commented that the current phrasing implies Tor Browser will send
the private key to the onion service (because the onion service "requested
it").
pastly, subsequently, suggested something like "foo.onion requires you to
authenticate. Please enter the private key for your identity with this
onion service".
The message should imply that the private key is needed for
authentication, but the key is only used locally to prove possession of it
(via crypto magic), and the key is not actually sent to the onion service.
Related: #30237
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/34362>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list