Proposal: Hidden Service Authentication

Robert Hogan robert at
Wed Sep 26 19:33:36 UTC 2007

On Wednesday 26 September 2007 15:20:29 Karsten Loesing wrote:
> Hi everyone,
> we would like to propose an extension of Tor hidden services towards
> providing authentication. This includes authentication at the hidden
> service and at introduction points, both either via password or
> public-key authentication.
> This gives us the new security property of access control, improves
> hiding service activity from unauthorized clients, and reduces traffic
> by dropping false requests as soon as possible.
> Comments are welcome! :)
> --Tobias, Thomas, Karsten, Ferdinand, and Christoph

I think I can see how tor might manage all this stuff in a fairly transparent 
way but it would be useful to be explicit about what input tor needs from the 
user during the authentication and when/how it should be gathered.

For example, it's not clear to me how (or even if) the tor client gathers the 
password  from the user when connecting to a specific hidden service. Does 
the user specify it in their torrc for that hidden service?


Browse Anonymously Anywhere	-
TorK	- KDE Anonymity Manager	-
KlamAV	- KDE Anti-Virus 	-

More information about the tor-dev mailing list