Skip to content

little-t-tor: Provide support for better TBB UI of hidden service client authorization

**This is the network-team-side of ticket legacy/trac#30237 (moved). ** The current hidden service spec allows clients to authenticate themselves using auth-cookies. The future proposal 224 will allow clients to authenticate using username/password or pubkey.

Currently users have to edit their torrc and add HidServAuth lines for the hidden services that require authorization. In the future, it would be nicer if TBB had an interface for users to type in their authorization credentials.

Tor knows whether an HS needs authorization, because the intro list is encrypted. Tor would have to somehow transfer this knowledge to TBB, so that the browser can present a nice UI that the user can fill on the go.

Furthermore, with the future username/password authorization and this UI improvement, it won't be necessary for people to write on their torrc which hidden services they visit and what's their auth-cookie.

This is a ticket about finding out what mods need to happen in little-t-tor, and coordinating the development of this feature.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information