[tor-bugs] #4700 [Core Tor/Tor]: Tor should provide a mechanism for hidden services to differentiate authorized clients and circuits
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Sep 18 13:08:54 UTC 2018
#4700: Tor should provide a mechanism for hidden services to differentiate
authorized clients and circuits
-------------------------------------------------+-------------------------
Reporter: katmagic | Owner: (none)
Type: enhancement | Status:
| needs_revision
Priority: Medium | Milestone: Tor:
| 0.3.5.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-control, needs-proposal, tor- | Actual Points:
hs, needs-design, 035-roadmap-master |
Parent ID: | Points: 10
Reviewer: dgoulet | Sponsor:
-------------------------------------------------+-------------------------
Changes (by nickm):
* status: merge_ready => needs_revision
Comment:
Hi! This patch looks good.
Three things I think we should do here:
* I think that the configuration option should accept "none" in addition
to "haproxy".
* We should link to the spec for this protocol, in the code and in the
manual, and explain which version we support.
* Are we exposing the 'global_identifier' field for an important reason,
or is it just important that we expose _some_ unique value? If it's the
latter case, instead of putting the 'global_identifier' into the IPv6
address and source port directly, I think we should hash them first,
possibly with siphash. It's not that these values are very sensitive, but
I don't want anybody depending on the actual global_identifier layouts
from Tor unless we're exposing them intentionally. (But if we are
exposing them intentionally, we should document that.)
One thing for the future, or maybe I don't understand this:
* Is there some intended way for programs to tell whether a user's
circuit is authenticated, and if so to which user?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4700#comment:29>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list