Opened 12 months ago

Closed 4 months ago

#20575 closed task (implemented)

Deprecate HTTPProxy and httpproxyauthenticator

Reported by: cypherpunks Owned by: dgoulet
Priority: High Milestone: Tor: 0.3.2.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: review-group-18
Cc: Actual Points:
Parent ID: Points: .2
Reviewer: Sponsor:

Description

github.com /ricochet-im/ricochet/issues/467

Users should switch to HTTPSProxy, even if they're using "HTTP Proxy" like Privoxy/Polipo.
Remove HTTPProxy. It is really confusing.

Child Tickets

Change History (19)

comment:1 Changed 12 months ago by nickm

Milestone: Tor: 0.3.0.x-final
Status: newneeds_review

comment:2 Changed 12 months ago by nickm

Status: needs_reviewnew

If this option is always a bad idea, then we should deprecate it and schedule it for removal. We shouldn't remove it from the manpage until it's actually gone, but we _should_ make sure that the documentation says "here's why you shouldn't use it."

comment:3 Changed 10 months ago by dgoulet

Keywords: triage-out-030-201612 added
Milestone: Tor: 0.3.0.x-finalTor: 0.3.1.x-final

Triaged out on December 2016 from 030 to 031.

comment:4 Changed 8 months ago by nickm

Points: .2
Priority: MediumHigh

comment:5 Changed 6 months ago by dgoulet

Owner: set to dgoulet
Status: newaccepted

Taking those ticket for patches.

comment:6 Changed 6 months ago by dgoulet

Status: acceptedneeds_review

So I went with only adding this to the deprecated option list and will rip it off from the code/man in a later version. Also, the reason I put in is pretty simple, please let me know about a better one!

See branch: ticket20575_031_01

comment:7 Changed 6 months ago by nickm

Status: needs_reviewneeds_revision

Needs a changes file.

The manual should say that the option is deprecated.

A cleaner reason would be "It only applies to direct unencrypted HTTP connections to your directory server, which your Tor probably wasn't using."

comment:8 Changed 6 months ago by dgoulet

Status: needs_revisionneeds_review

See fixup commit in ticket20575_031_01.

I actually put HTTPProxyAuthenticator as well in the deprecated list which is only used with HTTPProxy so...

comment:9 Changed 6 months ago by nickm

hm, hang on a tick. Do we want to deprecate this option entirely, or rename it to make it clear that it only applies to relays' HTTP connection to the authorities? Let's actually confirm that deprecating is what we want.

I think deprecation is okay, since if anybody actually is using this option, we'll find out as we deprecate it, and we can just undo the deprecation. But we should think explicitly about that.

comment:10 Changed 6 months ago by dgoulet

Status: needs_reviewneeds_information

Hrmmm indeed... that's probably a wiser choice but will definitely break existing relay configuration if we plain rename.

What about deprecating it and also creating a HTTPRelayDirectoryProxy (not final name) that does exactly what HTTPProxy does for relay directory request which would provide a transition path?

comment:11 Changed 5 months ago by arma

I think we should deprecate both httpproxy and httpproxyauthenticator, with intent to remove them when nobody complains.

They are options from back in the day when client directory interactions happened over http, so we needed to survive having a local proxy in between us and the web.

I think the chances that some relay operator ran across them and decided to send their relay descriptor uploads via an http proxy are basically zero. (Or, if somebody did, they need to stop.)

comment:12 Changed 5 months ago by arma

We can also deprecate ReachableDirAddresses for the same reason.

Though, a tiny gotcha: if we're wanting to warn about use of ReachableDirAddresses, notice that FascistFirewall 1, which we still should support, auto-sets ReachableDirAddresses, and we shouldn't warn if the only reason it's set is because of FascistFirewall.

comment:13 Changed 5 months ago by nickm

Milestone: Tor: 0.3.1.x-finalTor: 0.3.2.x-final

comment:14 in reply to:  12 Changed 5 months ago by arma

Status: needs_informationnew
Summary: Delete HTTPProxy from Tor config manual, and Tor itselfDeprecate HTTPProxy and httpproxyauthenticator

Replying to arma:

We can also deprecate ReachableDirAddresses for the same reason.

Though, a tiny gotcha: if we're wanting to warn about use of ReachableDirAddresses, notice that FascistFirewall 1, which we still should support, auto-sets ReachableDirAddresses, and we shouldn't warn if the only reason it's set is because of FascistFirewall.

Turns out ReachableDirAddresses already has its own ticket: #19704. So I'm going to focus this ticket on just httpproxy and httpproxyauthenticator.

comment:15 Changed 5 months ago by arma

Status: newneeds_review

I am liking dgoulet's ticket20575_031_01.

comment:16 Changed 5 months ago by arma

(Though it will have a conflict on an unrelated line in the man page that it tried to fix too. Maybe a cleaner patch without that line will work even better.)

comment:17 Changed 5 months ago by nickm

Keywords: triage-out-030-201612 removed

comment:18 Changed 4 months ago by nickm

Keywords: review-group-18 added

comment:19 Changed 4 months ago by nickm

Resolution: implemented
Status: needs_reviewclosed

merged; please feel free to open more tickets to deprecate the other things mentioned above :)

Note: See TracTickets for help on using tickets.