[tbb-bugs] #14389 [Applications/Tor Browser]: Improve TBB UI of hidden service client authorization
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Mar 21 13:35:20 UTC 2018
#14389: Improve TBB UI of hidden service client authorization
--------------------------------------------+------------------------------
 Reporter:  asn                             |          Owner:  tbb-team
     Type:  defect                          |         Status:  needs_revision
 Priority:  Medium                          |      Milestone:
Component:  Applications/Tor Browser        |        Version:
 Severity:  Normal                          |     Resolution:
 Keywords:  tor-hs, tbb-usability, ux-team  |  Actual Points:
Parent ID:                                  |         Points:
 Reviewer:                                  |        Sponsor:
--------------------------------------------+------------------------------
Comment (by dgoulet):
Replying to [comment:22 asn]:
> Executive summary No2: v2 descriptors do not let us distinguish between
> descs where the auth is enabled or whether they are corrupted, so Tor
> keeps on trying new directories in hope of finding a non-corrupted desc.
> In this sense, the current approach of the patch is not bad.

Indeed... and not only that but a warning will be emitted because we'll
try to parse the introduction point using a binary blob (encrypted).

Proposition:

Upon receiving a descriptor from the HSDir, if we can parse it (passes
`rend_parse_v2_service_descriptor()`) but are unable to decode intro points,
we actually keep it in the client cache. Meaning that once Tor browser (or
tor client) comes back with the authentication token, we don't have to
refetch it. We'll probably need to patch a couple of things here to make sure
that we can use a descriptor in our cache with client auth but also that if
the auth token is invalid, we trigger a `BAD_DESC` event.

Another approach would be to have a control port option (or torrc) to tell
tor to keep any invalid but parseable descriptor which TB would enable.
But honestly, for the sake of simplicity, I think we could easily keep it
in the client cache which is bound to expire after a while normally.

That being said, TB does need to check for the `BAD_DESC` event of
`HS_DESC` mentioned in comment:11. Once you get that, you should prompt
for a client authorization. If you don't see that event after, it should
be connecting. Else, tor should trigger the event again and TB should ask
again for the auth code.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14389#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
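
The prompting flow described in the comment above, sketched as an added example (not code from Tor Browser, tor, or this ticket): it parses `HS_DESC` control-port event lines and tracks when a client-authorization prompt is due. The event layout follows the Tor control spec; `AuthPromptTracker`, its state names, and all sample addresses, fingerprints and descriptor IDs are hypothetical or constructed.

```javascript
// Added example, not Tor Browser code. Event layout per the Tor control spec:
// 650 HS_DESC <Action> <HSAddress> <AuthType> <HsDir> [DescID] [REASON=..] [REPLICA=..]
function parseHsDesc(line) {
  const m = /^650 HS_DESC (\S+) (\S+) (\S+) (\S+)(.*)$/.exec(line.trim());
  if (!m) return null;
  const ev = { action: m[1], address: m[2], authType: m[3], hsDir: m[4], reason: null };
  for (const tok of m[5].trim().split(/\s+/)) {
    if (tok.startsWith("REASON=")) ev.reason = tok.slice("REASON=".length);
  }
  return ev;
}

// Hypothetical tracker for one onion address the browser is trying to load.
class AuthPromptTracker {
  constructor(address) {
    this.address = address;
    this.state = "fetching"; // fetching | need_auth | connecting
    this.prompts = 0;
  }
  onLine(line) {
    const ev = parseHsDesc(line);
    if (!ev || ev.address !== this.address) return this.state;
    if (ev.action === "FAILED" && ev.reason === "BAD_DESC") {
      // tor retries other HSDirs, so several BAD_DESC events can arrive for
      // one attempt: count a prompt only on the transition into need_auth.
      if (this.state !== "need_auth") this.prompts += 1;
      this.state = "need_auth";
    } else if (ev.action === "RECEIVED") {
      this.state = "connecting";
    }
    return this.state;
  }
  // User entered a code; assume success unless BAD_DESC shows up again.
  submitAuth() { this.state = "connecting"; }
}

// Constructed sample events (address, fingerprints and descriptor ID are made up).
const ADDR = "aaaaaaaaaaaaaaaa";
const DIR_A = "$" + "0".repeat(40) + "~dirA";
const DIR_B = "$" + "1".repeat(40) + "~dirB";
const DESC = "b".repeat(32);
const SAMPLE = [
  `650 HS_DESC REQUESTED ${ADDR} NO_AUTH ${DIR_A} ${DESC}`,
  `650 HS_DESC FAILED ${ADDR} NO_AUTH ${DIR_A} ${DESC} REASON=BAD_DESC`,
  `650 HS_DESC FAILED ${ADDR} NO_AUTH ${DIR_B} ${DESC} REASON=BAD_DESC`,
  `650 HS_DESC FAILED ${ADDR} NO_AUTH ${DIR_B} ${DESC} REASON=NOT_FOUND`,
];
```

Only `REASON=BAD_DESC` moves the tracker to `need_auth`; other failure reasons such as `NOT_FOUND` leave the state unchanged, so an unreachable service does not produce an authorization prompt.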