[tor-bugs] #18759 [Tor]: Extend onion address to include authentication data
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Apr 8 00:06:34 UTC 2016
#18759: Extend onion address to include authentication data
----------------------------------------------------+---------------------
Reporter: twim | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Tor | Version:
Severity: Normal | Resolution:
Keywords: authenticated, hs, rendclient, address | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------------------------------------+---------------------
Comment (by twim):
> But we abandoned this design when we realized that client applications
like browsers were sending the whole address along in their Host: header,
so putting sensitive things there is going to cause surprises and bad
results.
Yes they are.
But is this data sensitive at all? An onion service already knows this
data (the service has generated these cookies). It's also not going to
make these cookies playing role of selectors to track users. An onion
service can do it by obseriving the set of IPs from which it was reached.
> bad results
What do you mean?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18759#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list