[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] torpoxy support for forced https

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] torpoxy support for forced https
From: Allen <allenpmd@xxxxxxxxx>
Date: Wed, 16 Dec 2015 09:23:35 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 16 Dec 2015 09:23:48 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=LCf8zczVE5g+qWySSqxXlpVlct9mg5DpPVZQn4dwyAk=; b=ftZ6OYknS49T4R4xLu9d2Jn/PruTU0NZobzKNAVxsksXzQs+vSx0qxyo3PCgMnAQ63 NWhxaTYrRHivGVusrJdRYGG+TqVJjWTDcrUFxXkSe7bLke6td68aCHPnsM/sCg7jwKkj t8F6tq4qrHjMf4zgfDcPiLdZmQBwnNJ+MH5CtkVkay+3HGS4d1guL7c2c+CY+bqm6YfK 0PxiO8f54dcRAPuSHMiO2uDbnBuNHKoj1+PVEMboI9upFtBg0oGNZI0LSG0rGGJvTVqV ayFc+5KpPayyjZ40JekUTMOX7sh2Xo92CyLihg3NqXkxhcrG8Wr4zCgamuovrLpKpr7h wQZg==
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

>
> To get all the ways in which web browsers threat https differently
> from http: mixed content warnings, cookie policies etc. pp.
> Browsers won't special-case .onion as 'like https', and should not
> because whether they actually are depends on things outside the
> browser.
>

I suggest torproxy could generate a random CA certificate when its
installed and transparently convert all http to https, generating the
required SSL certificates on-the-fly and signing them with the random CA
certificate.  The user would then have to add the random CA certificate to
their browser, or better yet, this could somehow be automated for the Tor
Browser.  One open question with this scheme is whether torproxy would also
need to rewrite html content to change http urls to https.

Alternately, the Tor Project could ask Mozilla and other browsers
developers to add a switch for "treat .onion as secure".  Or maybe it could
be "treat .onion as secure but only if certain conditions hold, such as the
proxy is running on the localhost and a to-be-determined status query of
the proxy succeeds".
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] torpoxy support for forced https
  - From: Katya Titov

Prev by Author: [tor-talk] regression in torproxy 2.7.4?
Next by Author: [tor-talk] #nottor
Previous by thread: Re: [tor-talk] Tor Historical Consensus Analytic
Next by thread: Re: [tor-talk] torpoxy support for forced https
Index(es):
- Author
- Thread