[tor-dev] Hidden Service authorization UI
Jacob Appelbaum
jacob at appelbaum.net
Sun Nov 9 19:58:42 UTC 2014
> In the future "Next Generation Hidden Services" specification there
> are again two ways to do authorization:
> https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/224-rend-spec-ng.txt#l1446
> One way is with a password and the other is with a public key.
A {shared secret,key} and a user specific onion?
>
> I suspect that HS authorization is very rare in the current network,
> and if we believe it's a useful tool, it might be worthwhile to make
> it more useable by people.
>
I've used this feature extensively. I love it.
> For example, it would be interesting if TBB would allow people to
> input a password/pubkey upon visiting a protected HS. Protected HSes
> can be recognized by looking at the "authentication-required" field of
> the HS descriptor. Typing your password on the browser is much more
> useable than editing a config file.
That sounds interesting.
All the best,
Jacob
More information about the tor-dev
mailing list