[tor-dev] [RFC] control-spec: Specify add/remove/view client auth commands (client-side).

George Kadianakis desnacked at riseup.net
Mon May 6 17:04:51 UTC 2019


Mark Smith <mcs at pearlcrescent.com> writes:

> On 5/6/19 11:19 AM, George Kadianakis wrote:
>> Hello list,
>> 
>> here is a control spec patch for adding v3 client auth commands to
>> add/remove/view clients from the client-side (so Tor Browser -> Tor):
>>                 https://github.com/torproject/torspec/pull/81/commits/3a26880e80617210b4729f96664ef9f0345b0b7c
>> 
>> I'm currently unhappy with the naming of those commands, and in general
>> with how easy it is to confuse them with the (non-existent) service-side
>> commands. I'm wondering how to name them better so that when we add the
>> respective service-side commands (at some point we should) there is no
>> confusion.
>> 
>> Let me know what you think!
>
> Thanks for working on this.  I have a couple of comments:
>
> 1. How does Permanent get set?  Should there by an option added to
> ADD_ONION_CLIENT_AUTH to let the client say "store this on disk"?
>

Yes we do want that! We just thought it adds to engineering complexity and
it shouldn't get in as part of the first implementation (i.e. as an s27-must).

I will still add it to the spec, and just not implement it.

> 2. For VIEW_ONION_CLIENT_AUTH it would be nice if the HSAddress
> parameter was optional.  We may want to build an interface that allows
> users to see all of their keys and choose which ones to remove, etc.
>

Good point! Will do.

Will probs have a revision for this list tomorrow!


More information about the tor-dev mailing list