[tor-bugs] #28741 [Core Tor/sbws]: sbws should send scanner metadata as part of every HTTP request
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Dec 5 23:18:19 UTC 2018
#28741: sbws should send scanner metadata as part of every HTTP request
---------------------------+-----------------------------------
Reporter: teor | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: sbws: 1.0.x-final
Component: Core Tor/sbws | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
---------------------------+-----------------------------------
Comment (by teor):
Replying to [comment:1 iang]:
> > Non-standard HTTP headers start with "X-".
>
> I thought RFC 6648 deprecated that convention?
Thanks for letting us know.
Replying to [ticket:28741 teor]:
> Here's some things we might want:
> * software-name: sbws
> * software-version
These might be user-agent, unless requests sets its own user agent.
> * scanner-nickname
I'm not sure if there is a generic HTTP header for a nickname or other
client identifier.
> * scanner-IP-address? (pro: discover users who haven't set nickname,
con: discover users)
We should look for a generic HTTP header for the client IP address.
sbws doesn't guarantee any anonymity, and discovering rogue scanners is
more important than the risk of malicious servers using the IP address.
> Assigning to 1.0, because this is vital debugging info.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28741#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list