[tor-dev] Hidden Service authorization UI

Andrea Shepard andrea at torproject.org
Sun Nov 9 16:19:24 UTC 2014

On Sun, Nov 09, 2014 at 12:50:00PM +0000, George Kadianakis wrote:
> I suspect that HS authorization is very rare in the current network,
> and if we believe it's a useful tool, it might be worthwhile to make
> it more useable by people.

Yes, HS authoritzation is rare.  It's rare enough that it was broken
for a whole series of releases and no one noticed or complained.  That
sucks and it should be used more because it probably does help resist
attacks for a large category of use cases.

> For example, it would be interesting if TBB would allow people to
> input a password/pubkey upon visiting a protected HS. Protected HSes
> can be recognized by looking at the "authentication-required" field of
> the HS descriptor. Typing your password on the browser is much more
> useable than editing a config file.

How would Tor Browser learn about this reason for not being able to connect/
tell Tor the authentication info?  This is starting to sound like wanting
SOCKS5 extensions to indicate different causes for connection failures in
#6031 did.

Andrea Shepard
<andrea at torproject.org>
PGP fingerprint (ECC): BDF5 F867 8A52 4E4A BECF  DE79 A4FF BC34 F01D D536
PGP fingerprint (RSA): 3611 95A4 0740 ED1B 7EA5  DF7E 4191 13D9 D0CF BDA5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 328 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20141109/513f72b2/attachment.sig>

More information about the tor-dev mailing list