[tor-dev] Hidden Service authorization UI

Jacob Appelbaum jacob at appelbaum.net
Sun Nov 9 19:58:42 UTC 2014

> In the future "Next Generation Hidden Services" specification there
> are again two ways to do authorization:
> https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/224-rend-spec-ng.txt#l1446
> One way is with a password and the other is with a public key.

A {shared secret,key} and a user specific onion?

> I suspect that HS authorization is very rare in the current network,
> and if we believe it's a useful tool, it might be worthwhile to make
> it more useable by people.

I've used this feature extensively. I love it.

> For example, it would be interesting if TBB would allow people to
> input a password/pubkey upon visiting a protected HS. Protected HSes
> can be recognized by looking at the "authentication-required" field of
> the HS descriptor. Typing your password on the browser is much more
> useable than editing a config file.

That sounds interesting.

All the best,

More information about the tor-dev mailing list