* on the Tue, May 13, 2014 at 08:51:28PM -0400, Michael Wolf wrote: >> darkweb-everywhere >> >> "HTTPS Everywhere rulesets for hidden services and eepsites." >> >> https://github.com/chris-barry/darkweb-everywhere >> > > I had an idea recently that might be an improvement (or might not?) on > the darkweb-everywhere concept. What if we introduced an HTTP header > similar to HSTS -- `X-Onion-Address` perhaps -- which could be sent by > sites that wished to advertise their .onion address? Just like HSTS, > the header would only be acted upon if received over HTTPS (we don't > want malicious parties injecting headers and redirecting people). > Future versions of TBB could perhaps automatically redirect users to the > .onion site when this header is present, or perhaps prompt users to > inform them of the hidden service. I would prefer it if the people who run websites with hidden service alternatives would simply check if the client IP is a Tor exit node, and then advertise the availability of the hidden service to such users inside the actual website. This wouldn't be that difficult either. We have the Tor DNSEL, and there are also a few Apache modules which allow you to perform DNSBL style lookups on the client IP and perform different actions based on the result, such as setting environment variables/headers etc. -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
Attachment:
signature.asc
Description: Digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk