Proposal: Hidden Service Authentication
robert at roberthogan.net
Wed Sep 26 19:33:36 UTC 2007
On Wednesday 26 September 2007 15:20:29 Karsten Loesing wrote:
> Hi everyone,
> we would like to propose an extension of Tor hidden services towards
> providing authentication. This includes authentication at the hidden
> service and at introduction points, both either via password or
> public-key authentication.
> This gives us the new security property of access control, improves
> hiding service activity from unauthorized clients, and reduces traffic
> by dropping false requests as soon as possible.
> Comments are welcome! :)
> --Tobias, Thomas, Karsten, Ferdinand, and Christoph
I think I can see how tor might manage all this stuff in a fairly transparent
way but it would be useful to be explicit about what input tor needs from the
user during the authentication and when/how it should be gathered.
For example, it's not clear to me how (or even if) the tor client gathers the
password from the user when connecting to a specific hidden service. Does
the user specify it in their torrc for that hidden service?
Browse Anonymously Anywhere - http://anonymityanywhere.com
TorK - KDE Anonymity Manager - http://tork.sf.net
KlamAV - KDE Anti-Virus - http://www.klamav.net
More information about the tor-dev