Re: [tor-talk] Using HTTPS Everywhere to redirect to .onion
On 2/28/14 2:25 AM, Roger Dingledine wrote:
> I don't really want to get
> into the business of writing an /etc/hosts file for public website ->
> hidden service mappings.

Maybe an option to avoid that would be to do something along the lines
of HSTS. A Tor-Transport-Security header, that would specify the hidden
service that corresponds to the clearnet website being reached, only
when reaching the clearnet website over authenticated TLS.

After receiving such a header, the TBB would refuse to load the clearnet
website, and instead reach the .onion site for the specified max-age.
The .onion site would (have the authority to) update the max-age too.

It would change browser behavior based on past user behavior, which
allows for (some limited?) fingerprinting attacks.

Also, like with HSTS, you are still trusting the TLS PKI for the first
connection if you don't preload the list. Though, without this you would
need to trust the TLS PKI anyway, so there is not much to lose.
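
The client-side logic this proposal implies, as an added example that is not part of the original message and is not Tor Browser code. The header syntax (`onion=...; max-age=...`), the `OnionPinStore` class, the shape of the `resp` object and the HSTS-style `max-age=0` clearing are all assumptions, since the message defines none of them.

```javascript
// Hypothetical syntax (the message defines none):
//   Tor-Transport-Security: onion=<name>.onion; max-age=<seconds>
const ONION_RE = /^(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion$/;

function parseHeader(value) {
  const fields = {};
  for (const part of String(value || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) fields[part.slice(0, i).trim().toLowerCase()] = part.slice(i + 1).trim();
  }
  const onion = (fields.onion || '').toLowerCase();
  if (!ONION_RE.test(onion) || !/^\d+$/.test(fields['max-age'] || '')) return null;
  return { onion, maxAge: Number(fields['max-age']) };
}

class OnionPinStore {
  constructor() { this.pins = new Map(); } // clearnet host -> { onion, expires (ms) }

  // resp: { host, scheme, tlsAuthenticated, header } as seen by the browser (assumed shape).
  observe(resp, now) {
    const policy = parseHeader(resp.header);
    if (!policy) return false;
    const host = resp.host.toLowerCase();
    if (ONION_RE.test(host)) {
      // The onion site may update pins that already point at it, but cannot
      // create a pin for a clearnet host that never named it.
      if (policy.onion !== host) return false;
      let touched = false;
      for (const [clearnet, pin] of this.pins) {
        if (pin.onion === host) { this.set(clearnet, policy, now); touched = true; }
      }
      return touched;
    }
    // Clearnet: honour the header only over authenticated TLS.
    if (resp.scheme !== 'https' || !resp.tlsAuthenticated) return false;
    this.set(host, policy, now);
    return true;
  }

  set(host, policy, now) {
    if (policy.maxAge === 0) this.pins.delete(host); // assumed: max-age=0 clears, as in HSTS
    else this.pins.set(host, { onion: policy.onion, expires: now + policy.maxAge * 1000 });
  }

  // Host to connect to: the pinned onion until expiry, otherwise the original host.
  resolve(host, now) {
    const key = host.toLowerCase();
    const pin = this.pins.get(key);
    if (pin && now >= pin.expires) this.pins.delete(key);
    return this.pins.has(key) ? pin.onion : host;
  }
}
```

The `pins` map is exactly the per-user state the message flags as a fingerprinting surface: which hosts resolve to an onion depends on what the user visited before.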