[tor-bugs] #14389 [Applications/Tor Browser]: little-t-tor: Provide support for better TBB UI of hidden service client authorization

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Apr 18 10:47:59 UTC 2019


#14389: little-t-tor: Provide support for better TBB UI of hidden service client
authorization
-------------------------------------------------+-------------------------
 Reporter:  asn                                  |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-hs, tbb-usability, ux-team, hs-  |  Actual Points:
  auth                                           |
Parent ID:  #30237                               |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor27-must
-------------------------------------------------+-------------------------
Description changed by asn:

Old description:

> The current hidden service spec allows clients to authenticate themselves
> using auth-cookies. The future proposal 224 will allow clients to
> authenticate using username/password or pubkey.
>
> Currently users have to edit their torrc and add HidServAuth lines for
> the hidden services that require authorization. In the future, it would
> be nicer if TBB had an interface for users to type in their authorization
> credentials.
>
> Tor knows whether an HS needs authorization, because the intro list is
> encrypted. Tor would have to somehow transfer this knowledge to TBB, so
> that the browser can present a nice UI that the user can fill on the go.
>
> Furthermore, with the future username/password authorization and this UI
> improvement, it won't be necessary for people to write on their torrc
> which hidden services they visit and what's their auth-cookie.
>
> This is a ticket about finding out what mods need to happen in
> little-t-tor, and coordinating the development of this feature.

New description:

 **This is the network-team-side of ticket #30237.
 **
 The current hidden service spec allows clients to authenticate themselves
 using auth-cookies. The future proposal 224 will allow clients to
 authenticate using username/password or pubkey.

 Currently users have to edit their torrc and add HidServAuth lines for the
 hidden services that require authorization. In the future, it would be
 nicer if TBB had an interface for users to type in their authorization
 credentials.

 Tor knows whether an HS needs authorization, because the intro list is
 encrypted. Tor would have to somehow transfer this knowledge to TBB, so
 that the browser can present a nice UI that the user can fill on the go.

 Furthermore, with the future username/password authorization and this UI
 improvement, it won't be necessary for people to write on their torrc
 which hidden services they visit and what's their auth-cookie.

 This is a ticket about finding out what mods need to happen in
 little-t-tor, and coordinating the development of this feature.

--

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14389#comment:37>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list