[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] [HTTPS-Everywhere] "darkweb everywhere" extension
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Yan,
Namecoin would definitely be interested in something similar (we were
actually discussing the possibility of exactly this yesterday). Maybe
we could produce a list of relevant projects that would benefit from
this? (The three that come to mind immediately are Tor, I2P, and
Namecoin, but there may be others.) If there are more than a few
projects that would benefit, then it might be interesting to find a
neutral format for the HTTP header, so that we wouldn't have to list
all the supported TLD's explicitly in the spec.
(CCing to Namecoin dev list.)
- -Jeremy Rand
Lead Application Engineer, Namecoin Project
On 11/02/2014 11:48 PM, yan wrote:
> +tor-dev. tl;dr: Would be nice if there were an HTTP response
> header that allows HTTPS servers to indicate their .onion domain
> names so that HTTPS Everywhere can automatically redirect to the
> .onion version in the future if the user chooses a "use THS when
> available" preference.
>
> I imagine the header semantics and processing would be similar to
> HSTS. It would only be noted when sent over TLS and have the
> max-age and include-subdomains fields.
>
> -yan
>
> yan wrote:
>> Hi all,
>>
>> Some people have requested for the "Darkweb Everywhere" extension
>> [1] to be integrated into HTTPS Everywhere. This is an extension
>> for Tor Browser that redirects users to the Tor Hidden Service
>> version of a website when possible.
>>
>> I'm supportive of the idea; however, I'm worried that since
>> .onion domain names are usually unrelated to a site's regular
>> domain name, a malicious ruleset would be hard to detect. AFAIK
>> Darkweb Everywhere only defends against this by publishing a doc
>> in their Github repo that cites evidence for each ruleset [2].
>>
>> What if, instead, we asked website owners to send an HTTP header
>> that indicates the Tor Hidden Service version of their website?
>> Then HTTPS Everywhere could cache the result (like HSTS) and
>> redirect to the THS version automatically in the future if the
>> user opts-in.
>>
>> If this is something that EFF/Tor would be willing to advocate
>> for, I would be happy to draft a specification for the header
>> syntax and intended UA behavior.
>>
>> Thanks, Yan
>>
>>
>> [1] https://github.com/chris-barry/darkweb-everywhere/ [2]
>> https://github.com/chris-barry/darkweb-everywhere/blob/master/doc/EVIDENCE.md
>>
>>
_______________________________________________
>> HTTPS-Everywhere mailing list HTTPS-Everywhere@xxxxxxxxxxxxx
>> https://lists.eff.org/mailman/listinfo/https-everywhere
>>
>
> _______________________________________________ tor-dev mailing
> list tor-dev@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJUVxzXAAoJEFgMI9bDV/9qY3UIAJrl5LI/1OHJngu1W9DsLAjr
nh+Csnm66z5tQTwiwva1Tb4b6trHv4KkHItaTm0cI44mQNsd+YEkh0oRBTSNNcRm
HY0BDn2pqTlQPN9bWvclGEtCacevCbaQiZgPpxPa+1crtavto4VAnv0/EI85QVAe
XHUNBeAHmB3qNATXsVJ61oksWlU/x8ao62fB13cUd2fVyaasWz4PPsAJ9n3TkdYG
/el7mAuM6XdA1fFaGFd1ta0jRuER2VgKQvJQctu/6a/9jiNlib3YmMOOxvF0WR+/
foUdhFkNCmRWwxqnxFDiKM0ilRLjTQ47CYRkgkqD4azPlkNvUULbO3KhaWPB9/4=
=rUsH
-----END PGP SIGNATURE-----
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev