On Tue, Jun 7, 2011 at 2:55 PM, Runa Sandvik <span dir="ltr">&lt;<a href="mailto:runa.sandvik@gmail.com">runa.sandvik@gmail.com</a>&gt;</span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On 7 Jun 2011, at 22:00, Jacob Appelbaum &lt;<a href="mailto:jacob@appelbaum.net">jacob@appelbaum.net</a>&gt; wrote:<br>
<br>
&gt; On 06/07/2011 01:28 PM, Andrew Lewman wrote:<br>
&gt;&gt; On Tue, 7 Jun 2011 21:08:48 +0100<br>
&gt;&gt; &quot;Runa A. Sandvik&quot; &lt;<a href="mailto:runa.sandvik@gmail.com">runa.sandvik@gmail.com</a>&gt; wrote:<br>
&gt;&gt;&gt;&gt; Vidalia is not designed to control or configure a Tor process that<br>
&gt;&gt;&gt;&gt; it did not start.<br>
&gt;&gt;&gt;<br>
&gt;&gt;&gt; I have tested this, and it works just fine. The question is; are we<br>
&gt;&gt;&gt; happy with something that works, even if it&#39;s being used in a way that<br>
&gt;&gt;&gt; it was not designed for?<br>
&gt;&gt;<br>
&gt;&gt; Vidalia was designed to do this from the start, which is why it uses<br>
&gt;&gt; tcp/ip instead of some ephermeral file descriptor locally.  The<br>
&gt;&gt; connection between their vidalia and the tor process is in plaintext.<br>
&gt;&gt; That should be the concern.<br>
&gt;&gt;<br>
&gt;<br>
&gt; Yes, it should be SSL/TLS, as I&#39;ve previously suggested, if we&#39;re going<br>
&gt; to use that as the controller.<br>
<br>
</div>Any idea about how we can do this between Vidalia and a Tor process? Would stunnel be useful in this case?<br>
<br></blockquote><div><br></div><div>Vidalia needs to run a TLS server on whatever port it opens. Tor would need to know how to communicate with a TLS control port. I believe that it would be an interesting problem to try to authenticate the certificate of the remote Tor and actually one that could be solved without too much issue.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
We would also need a way for users to easily change the hashed password. I can&#39;t remember if this is a feature that is already present in Vidalia.<br>
<div class="im"><br></div></blockquote><div><br></div><div>Yes, we do need a way to change the password. We will also need a way to reset the password if the user is locked out of the control port. I generally think that this means we&#39;ll need a web UI... :-)</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">
&gt; I still think that a web interface isn&#39;t that big of a deal if we&#39;re<br>
&gt; just shipping Debian...<br>
&gt;<br>
&gt; We just need to get a list of requirements and them hammer it out.<br>
<br>
</div>It&#39;s not a big deal, but it will take more time to get the Torouter ready. If Vidalia can do what we want, why not use it? The user experience might be a bit better with a web interface, though.<br><font class="Apple-style-span" color="#888888"><br>
</font></blockquote><div><br></div><div>Well, I see a number of issues. One of the main issues is that you cannot safely connect to Vidalia over a network until TLS support is added to both Vidalia and Tor. Another is authentication of that connection. Yet another is that it will be extremely confusing for a user who doesn&#39;t understand what Vidalia does or why they&#39;d need it.</div>
<div><br></div><div>I think the best thing is to make an autoconfiguring device with a web UI; we can easily rate limit Tor to something reasonable and make it a middle node by default. In all cases it stands alone and simply plugging it into a wall (power/ethernet) will provide more capacity to the network if the OR port is reachable (ala tor-fw-helper + tor + init.d scripts to start Tor on boot).</div>
<div><br></div><div>Adding Vidalia to the mix seems like a nice to have but I don&#39;t think it&#39;s currently up to the task...</div><div><br></div><div>All the best,</div><div>Jake</div></div>