[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: client bug in 0.2.2.7-alpha and a new bad exit: exoassist



> One is in the HTTP(S) header, which can indeed be stripped by privoxy.

HTTPS cannot be terminated, stripped and re-encapsulated by privoxy.
It passes straight through. I still offer a gold doubloon to anyone who knows
of a good unix TLS proxy/munger. One can dream.

> tor handles a .nickname.exit passed to it in a unique way

Nicknames are not unique. People should be specifying fingerprints instead.
ie: fingerprint.exit

> technicalities of SOCKS proxies... certain that .exit notation caused errors
> from destination servers... it's not a new problem.

It's not a socks issue. Until a TLS proxy is available, the most
direct 'fix' would
be a browser plugin that strips it off the host header when it is seen
in the URL...
before the browser does ssl on it. The two results would then get
stuffed through
socks as usual.

> Of course some servers aren't running virtual hosts and so don't care about
> the "Host: example.com.nickname.exit" header

That's why, failing enhancement of MAPADDRESS, keeping .exit around would
be handy for clued people... ssh [example.com|10.0.0.69].fingerprint.exit...
is much simpler than managing a MAP. Yet unclued people don't know exit
can bite them in URLbars, so they complain, so there is desire to kill URLbars
to kill complaints from the unclued. Not to mention it isn't a fully
capable method
to begin with.

> Perhaps one of the developers could weigh in on whether Tor itself should be
> modifying the Host header

It should not, Tor only provides passive transport services, and rightly so.
I'm not a dev. And the world is going TLS. So if Tor does anything to
'fix' this,
it should enhance the MAPADDRESS functionality as proposed earlier.
And possibly provide a friendlier human 'domain2exit selection' interface to
it via Vidalia or whatever windows people need.

> - it may be moot as .exit notation is deprecated now

It is deprecated in your URLbar. But not in the MAPADDRESS function.
Exit MAPADDRESSing is still needed given the world's penchant for
screwing up how their own services work based on where you're coming
from.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/