[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] darkweb-everywhere - was: Using HTTPS Everywhere to redirect to .onion

On 05/13/2014 06:51 PM, Michael Wolf wrote:
> On 5/13/2014 7:24 PM, Patrick Schleizer wrote:
>> darkweb-everywhere
>> "HTTPS Everywhere rulesets for hidden services and eepsites."
>> https://github.com/chris-barry/darkweb-everywhere
> I had an idea recently that might be an improvement (or might not?) on
> the darkweb-everywhere concept.  What if we introduced an HTTP header
> similar to HSTS -- `X-Onion-Address` perhaps -- which could be sent by
> sites that wished to advertise their .onion address?  Just like HSTS,
> the header would only be acted upon if received over HTTPS (we don't
> want malicious parties injecting headers and redirecting people).
> Future versions of TBB could perhaps automatically redirect users to the
> .onion site when this header is present, or perhaps prompt users to
> inform them of the hidden service.
> -- Mike

If I'm going to use <https://344c6kbnjnljjzlz.onion>, I'd rather not be
redirected from <https://vfemail.net>. It's a small risk, but wouldn't
it be better to get onion addresses from some trusted site via HTTPS?
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to