[tor-dev] Exposing onion service errors to Tor Browser

Drew at FoundingDocuments.org Drew at FoundingDocuments.org
Wed Oct 2 22:10:29 UTC 2019

> On Sep 30, 2019, at 8:15am, George Kadianakis <desnacked at riseup.net> wrote:
> Hello list,
> we've recently been thinking about how to expose onion-service-related
> errors to Tor Browser so that we can give more useful error pages to
> users.  We currently return "Unable to connect" error pages for any kind
> of onion service error, and I think we can do better.


In doing a quick read of [1] X'F0' to X'F5’  it looks like most might describe potential day-to-day connections, but I’m not sure about the last two: X'F4' Onion Service Missing Client Authorization  & X'F5' Onion Service Wrong Client Authorization.

Please forgive me if I misunderstand things, but I thought leaked v3.onion addresses with (properly set up) authorized onion services (authorized_clients/*.auth & corresponding client-side .auth_private) can’t be loaded. Thus providing instant, inexpensive DOS protection, and denying the malevolent (and anyone) the opportunity to even know a specific onion address is in use. And keeping them from trying again later, and again, etc.

I am definitely in favor of feedback and clear error reporting, but I am not clear about how these authorization-only onion services will be affected. 

Is tor going to be changed such that unauthorized clients -- clients without a proper .auth_private file -- are going to be able to learn if a specific .onion domain is in use? Will the local tor inform the user that in effect that onion address is in use but perhaps X'F4' or X'F5' ?

[1] Extending SOCKS5 Onion Service Error Codes, https://gitweb.torproject.org/torspec.git/tree/proposals/304-socks5-extending-hs-error-codes.txt   Lines 62-93.

[2] Tor Rendezvous Specification - Version 3, https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt, First Appendix F & Appendix G. Using file system means, not control ports. 

> = Client-level errors =
> === 1) Typo error on address ===
>    This can be detected by Tor using the checksum or if the address is
>    too big or too small.
>    TODO: We will need to add a new error code to prop304. Not sure if
>    the error code should distinguish between checksum fail or length fail.
>    There is no recovery here since the address is busted. The user
>    needs to find the right one.

There is an opportunity here for at least a tiny amount of education about onion addresses.  Perhaps copy the address to the page in an edit box and use JavaScript to help the user to fix it up? Perhaps a non base32 character got in. Maybe they didn’t paste in the whole address but missed part of it. 

I would suggest a few simple graphics and sentences explaining the vast address space of v3 onions, with a fun simple time calculation perhaps, to show how one would not want to try all the variations that might exist on a “misspelled” .onion address.

Thank you and have a nice day. 

More information about the tor-dev mailing list