[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Torbutton 1.3.0-alpha: Community Edition!

Thus spake Drake Wilson (drake@xxxxxxxxxxxx):

> > Heh, it turns out this has the same problem, at least with Pidgin.
> > torhttp://link.com still creates an http hyperlink that when clicked
> > on directly would be loaded outside of Tor.
> >
> > httptor://link.com does not create a hyperlink, though.. Nor does
> > http+tor://link.com.
> Dear gods.
> Okay, I suppose that probably means that horse has already bolted.
> This is sad.  I tentatively retract my suggestion in light of that.

Well I think that specifying that urls are technically officially
supposed to be http+tor://, but that the http+ can be omitted gives us
the best of both worlds. These urls seem to be then treated mostly
correctly by dumb link parsers, because they will just become tor://
links if parsed, which would then work as normal.

The exception is that https+tor:// may then be treated as just a
tor:// url by a link parser, which effectively converts it into a
torrified http url, dropping vital ssl support. Hence, I think we
should also provide tors:// as an "unofficial" backup scheme for these

So no, your suggestion wasn't totally busted. It just required lots of
attempts to make it actually be practical. :)

Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpRzAqUH9wti.pgp
Description: PGP signature