[tor-dev] Hidden Service authorization UI

Nathan Freitas nathan at freitas.net
Mon Nov 10 13:47:43 UTC 2014

On Sun, Nov 9, 2014, at 07:50 AM, George Kadianakis wrote:
> Hidden Service authorization is a pretty obscure feature of HSes, that
> can be quite useful for small-to-medium HSes.
> For example, it would be interesting if TBB would allow people to
> input a password/pubkey upon visiting a protected HS. Protected HSes
> can be recognized by looking at the "authentication-required" field of
> the HS descriptor. Typing your password on the browser is much more
> useable than editing a config file.

We have been working on implementing an OnionShare feature for Orbot, as
a plugin/add-on. Since the client and the server are both one simple
app, it seems like we could easily implement the HS Authorization
feature. Since the goal is to share a file with a small audience, the
second "client key" approach seems to be the best, most secure approach
to me.

Any thoughts?

More information about the tor-dev mailing list