[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Torbutton 1.3.0-alpha: Community Edition!

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Torbutton 1.3.0-alpha: Community Edition!
From: Mike Perry <mikeperry@xxxxxxxxxx>
Date: Fri, 1 Oct 2010 18:51:07 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Fri, 01 Oct 2010 21:51:13 -0400
In-reply-to: <4CA61B33.9020900@xxxxxxxxx>
References: <20100930225748.GC13960@xxxxxxxxxx> <20101001013645.GA15005@xxxxxxxxxxxxxxxxxxx> <4CA61B33.9020900@xxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.4.2.2i

Thus spake David Bennett (dbennett455@xxxxxxxxx):

> On 09/30/2010 08:36 PM, Drake Wilson wrote:
> >> This release features "tor://" and "tors://" urls that will
> >> automatically enable Tor before loading the corresponding http or
> >> https url.
> >>     
> > Ick.  This sort of layer-mixing is the sort that forces people to use
> > a certain protocol for no actual reason. 
> > ...
> > Is there a reason not to use something like tor+http and tor+https for
> > the schema, thus opening up the space for (as a facetious example)
> > tor+nntp or analogous usages later?
> >   
> 
> Drake is correct, I don't think that scheme transport swap method is a
> great idea. 
> 
> That being said, the ability to bookmark a site securely is 
> advantageous. Plus, relative URL's referenced on a host would inherit
> the scheme.

This is not the case. The way the featur works is that Firefox
instantly converts the url to the real scheme after enabling Tor and
before loading the page.

> I do understand why it was implemented this way.  Scheme stacking would
> be much more difficult to pull off given current browser technology.  To
> the best of my knowledge, there are no browsers that would easily
> support this.

This rears its head in a lot of other places. For example, try
emailing, IMing or posting these urls to google groups. If you specify
tor:// as the prefix, worst case the url is not converted to a
hyperlink, but best case it is, and the user can just click on it.

However, all places I have tried to specify tor+http://link.com, the
http://link.com portion of the url is transformed into a hyperlink by
the software, but the "tor+" part is lost. This leaves room for user
error and also makes things inconvenient.

Intuition also tells me that tor:// and tors:// urls will be easier to
use, understand, and remember by the general public.. Can you give
some examples/reasons why just using these schemes actually prevents
us from doing this scheme layering idea for other protocols in the
future (when it is supported)? In otherwords, why can't we just do both?

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpxhMqtFcq1W.pgp
Description: PGP signature

Follow-Ups:
- Re: Torbutton 1.3.0-alpha: Community Edition!
  - From: David Bennett
- Re: Torbutton 1.3.0-alpha: Community Edition!
  - From: Drake Wilson

References:
- Re: Torbutton 1.3.0-alpha: Community Edition!
  - From: David Bennett

Prev by Author: Re: Hidden service: Is it possible for an attacker to break out of a VM?
Next by Author: Re: Torbutton 1.3.0-alpha: Community Edition!
Previous by thread: Re: Torbutton 1.3.0-alpha: Community Edition!
Next by thread: Re: Torbutton 1.3.0-alpha: Community Edition!
Index(es):
- Author
- Thread