[tor-bugs] #14389 [Tor]: Improve TBB UI of hidden service client authorization
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Mar 12 22:01:18 UTC 2015
#14389: Improve TBB UI of hidden service client authorization
------------------------+--------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.???
Component: Tor | Version:
Resolution: | Keywords: tor-hs
Actual Points: | Parent ID:
Points: |
------------------------+--------------------------
Comment (by asn):
So as I understand it, the idea here is:
i. User visits protected onion through TBB.
ii. Tor fetches the descriptor and learns its encrypted.
iii. Tor asks TBB through the control port for the shared secret of this
onion.
iv. TBB presents user with an "enter your shared secret" dialog.
v. User inputs secret, TBB passes secret back to Tor through control port.
vi. Tor is now able to decrypt descriptor and continue connecting.
This seems like it would require writing some control port functionality.
And since I'm browser illiterate, I have no idea how easy it is to present
such dialogs to the user, and whether they can be pinned down to a
specific tab (so that the user knows which website is causing it).
Another more pragmatic approach could be a menu that can be accessed by
the TBB user at any time, where the user can put the onion address and the
shared secret, and TBB will use that credential every time it encounters
that onion address. In this case TBB could maybe just do `SETCONF
HidServAuth` directly, without writing more control port functionality,
but more thinking is needed.
For further bikeshedding, maybe we could also have an option on whether
the user wants to save the secret on disk.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14389#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list