Date: Mon, 4 May 2015 16:07:20 -0400
From: CJ Ess zxcvbn4038@gmail.com
Thanks for going into so much detail; you've given me a lot to think about. The real solution is probably the one that nobody wants to take on - having an application HTTP port that could take direct input from HTTP-aware stuff and utilize a richer set of information than SOCKS allows for. I've spent a couple evenings looking to see if I could take the code stuff from the dirport and use it for that purpose. I need to spend another couple evenings and go back and look at the SOCKS4 stuff; I've just recently realized that the state machine for that is closer to an HTTP request/response.
CJ,
Pluggable transports are designed to arbitrarily change how tor makes outgoing connections. The existing transports are used for obfuscation, but they could be used for dynamic proxy authentication as well. (Some do take authentication arguments.)
You'd just have to work out which user to authenticate each tor connection with - which is a difficult question of policy. This arises because tor only makes a small number of long-term connections to a few guard nodes, and multiplexes multiple streams over these connections.
teor
teor2345 at gmail dot com pgp 0xABFED1AC https://gist.github.com/teor2345/d033b8ce0a99adbc89c5
teor at blah dot im OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7