[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #9852 [Flashproxy]: [Flash-proxies] - WS with HTTPS

Subject: Re: [tor-bugs] #9852 [Flashproxy]: [Flash-proxies] - WS with HTTPS
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 30 Sep 2013 22:11:51 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 30 Sep 2013 18:12:03 -0400
In-reply-to: <047.91024b8a90d4582af5428221e0a9f5f9@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.91024b8a90d4582af5428221e0a9f5f9@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9852: [Flash-proxies] - WS with HTTPS
----------------------------+-----------------
     Reporter:  Aymeric     |      Owner:  dcf
         Type:  defect      |     Status:  new
     Priority:  normal      |  Milestone:
    Component:  Flashproxy  |    Version:
   Resolution:              |   Keywords:
Actual Points:              |  Parent ID:
       Points:              |
----------------------------+-----------------

Comment (by dcf):

 Replying to [comment:2 Aymeric]:
 > So, you are promoting HTTPS Everywhere but it's not an issue for you not
 to be able to use the flash proxy tag on https sites? And the Stanford
 flash proxy presentation site is using https...

 As I say, it's a consideration, but not really a problem. It is a shame
 that the proxy doesn't work on HTTPS sites, but we are not aware of any
 good workaround, and there are enough plain HTTP sites hosting it that it
 doesn't matter very much. The biggest cost is having to explain to
 conscientious site owners who run their sites over HTTPS why their badge
 won't work :(

 Censored users using the Tor Browser bundle with HTTPS Everywhere are not
 affected, because censored users don't need to see or run the proxy badge.
 Other, uncensored users (who mostly don't run HTTPS Everywhere) are the
 ones who are running the proxy code.

 The demo site also runs over plain HTTP. We don't do anything to try to
 force HTTPS users onto plain HTTP, because we have enough proxy capacity.
 As you see, it is kind of a complicated issue to explain anyway.

 > I brought the issue to different lists, always getting the same answer
 (security issue to downgrade from https to http but no problem to use
 https with http...), lists that do not perceive (or don't want) the fact
 that using ws with something more secure on top of it rather than wss can
 be better.
 >
 > Maybe you and other organizations should weigh more in the specification
 process.

 I think that the browsers are doing the right thing here. It's a sensible
 security decision to disallow non-SSL WebSockets from an SSL page. We just
 have to work within that restriction. It is at most a slight annoyance,
 not really a problem.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9852#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #9852 [Flashproxy]: [Flash-proxies] - WS with HTTPS
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #9857 [Service - git]: Create a check.git repository
Next by Author: Re: [tor-bugs] #9852 [Flashproxy]: [Flash-proxies] - WS with HTTPS
Previous by thread: Re: [tor-bugs] #9852 [Flashproxy]: [Flash-proxies] - WS with HTTPS
Next by thread: Re: [tor-bugs] #9852 [Flashproxy]: [Flash-proxies] - WS with HTTPS
Index(es):
- Author
- Thread