[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Deploying Alt-Svc on your own website. Hello?

To: Ben Tasker <ben@xxxxxxxxxxxxxxx>
Subject: Re: [tor-talk] Deploying Alt-Svc on your own website. Hello?
From: Roman Mamedov <rm@xxxxxxxxxxx>
Date: Sat, 22 Sep 2018 20:07:14 +0500
Cc: tor-talk@xxxxxxxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 22 Sep 2018 11:07:27 -0400
In-reply-to: <CABMkiz4KnXqwFX-vPkRMzqBNgC5qCiL4R0F9Qc+NCK0AG-uHSg@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAFWeb9L8UTivxHynqB6GRM9KxKDqorXC1Lw6RodSt35CmufGtQ@mail.gmail.com> <20180922185805.24af3717@natsu> <CABMkiz4KnXqwFX-vPkRMzqBNgC5qCiL4R0F9Qc+NCK0AG-uHSg@mail.gmail.com>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On Sat, 22 Sep 2018 15:28:19 +0100
Ben Tasker <ben@xxxxxxxxxxxxxxx> wrote:

> You need to configure your onion server block to respond on port 443 _and_
> to handle your clearnet host header (and serve a publicly trusted
> certificate matching that name). Alt-Svc tells the browser to use the
> alternate address as a trusted origin for the service it's connecting to,
> so it'll connect to 1234.onion and request www.example.com

Also, do you mean there's no way to have an Alt-Svc with "[...].onion:80",
directing to a plain HTTP connection to the hidden service? (Assuming the
initial request to the clearnet site was on HTTPS.)

There is no point in running HTTPS-over-Tor-hidden-service, as .onion traffic
is already authenticated and encrypted, it only adds useless overhead. If
there's no way around that with the alt-svc scheme, that seems like a huge
oversight.

-- 
With respect,
Roman
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Deploying Alt-Svc on your own website. Hello?
  - From: Alec Muffett
- Re: [tor-talk] Deploying Alt-Svc on your own website. Hello?
  - From: Ben Tasker

References:
- [tor-talk] Draft: Different Ways To Add Tor Onion Addresses To Your Website
  - From: Alec Muffett
- [tor-talk] Deploying Alt-Svc on your own website. Hello?
  - From: Roman Mamedov
- Re: [tor-talk] Deploying Alt-Svc on your own website. Hello?
  - From: Ben Tasker

Prev by Author: Re: [tor-talk] Deploying Alt-Svc on your own website. Hello?
Next by Author: Re: [tor-talk] alt-svc supported by TBB
Previous by thread: Re: [tor-talk] Deploying Alt-Svc on your own website. Hello?
Next by thread: Re: [tor-talk] Deploying Alt-Svc on your own website. Hello?
Index(es):
- Author
- Thread