[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] darkweb-everywhere - was: Using HTTPS Everywhere to redirect to .onion



On 5/13/2014 7:24 PM, Patrick Schleizer wrote:
> darkweb-everywhere
> 
> "HTTPS Everywhere rulesets for hidden services and eepsites."
> 
> https://github.com/chris-barry/darkweb-everywhere
> 

I had an idea recently that might be an improvement (or might not?) on
the darkweb-everywhere concept.  What if we introduced an HTTP header
similar to HSTS -- `X-Onion-Address` perhaps -- which could be sent by
sites that wished to advertise their .onion address?  Just like HSTS,
the header would only be acted upon if received over HTTPS (we don't
want malicious parties injecting headers and redirecting people).
Future versions of TBB could perhaps automatically redirect users to the
.onion site when this header is present, or perhaps prompt users to
inform them of the hidden service.

-- Mike
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk