On Tue, 2 Jul 2019 at 13:42, Mark Smith mcs@pearlcrescent.com wrote:
> On 6/21/19 8:50 PM, Tom Ritter wrote:
>> The attached is a draft proposal for allowing tor to lie to an application about the SOCKS connection enabling it to send data optimistically.
>> It's going to need some fleshing out in ways I am not familiar with, but I wanted to get something out to start as we think that this is probably the best path forward for bringing back Tor Browser's optimistic SOCKS behavior.
>
> I am not sure what to do about it, but I think the approach you describe will break the method that Tor Browser just started to use to detect that an onion service requires client authentication (see https://trac.torproject.org/projects/tor/ticket/30000 and associated child tickets). The tldr is that we rely on receiving a new error code from the SOCKS connect request.

Hm, yes.
We could not use optimistic data for onions...
Or instead of using a SOCKS error code we could return a special type of error (encapsulated in an HTTP response) recognizable by Tor Browser. Something like "If the response to an onion request is status code 407 Proxy Authentication Required (or 4xx whatever) then the Browser should prompt for onion service client authentication and retry the request with that."
Or... something else? Very interested in what David/asn think since they worked on #30382 ...
-tom