#14389: little-t-tor: Provide support for better TBB UI of hidden service client authorization -------------------------------------------------+------------------------- Reporter: asn | Owner: tbb- | team Type: defect | Status: | needs_revision Priority: Medium | Milestone: Tor: | 0.4.2.x-final Component: Core Tor/Tor | Version: Severity: Normal | Resolution: Keywords: tor-hs, tbb-usability, ux-team, hs- | Actual Points: auth | Parent ID: #30000 | Points: 14-24 Reviewer: | Sponsor: | Sponsor27-must -------------------------------------------------+-------------------------
Comment (by asn): Replying to [comment:45 mcs]: > Replying to [comment:44 asn]: > > So, I guess the plan here is to use HTTP CONNECT for this, and define a new error code for HTTP CONNECT that says that a destination needs client auth. I guess we would need a proposal for that. Who wants to write this? > > To me, the answer is "someone who can also take into account the other error scenarios that we will need to address later, e.g., invalid onion address and other onion-service related errors." Kathy and I don't think we know enough to write a proposal. > > * We are not sure what to do about other traffic, e.g., FTP. Our guess is that due to the architecture of the Firefox networking stack, HTTP CONNECT is only available for HTTP traffic. It might be difficult to ensure that no proxy bypass possibilities are introduced if we switch to HTTP CONNECT. > Thanks for digging into this mcs. From the above issues, only this one about proxy bypass seems to be blocker to me. All the others are things that can be solved with some moderate engineering efforts IIUC. However, if we can't guarantee that we have no proxy bypass we can't really proceed with HTTP CONNECT, right? What do you think? -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14389#comment:46> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs