[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Deploying Alt-Svc on your own website. Hello?

On Sat, 22 Sep 2018, 16:07 Roman Mamedov, <rm@xxxxxxxxxxx> wrote:

> There is no point in running HTTPS-over-Tor-hidden-service, as .onion
> traffic
> is already authenticated and encrypted, it only adds useless overhead.

I see your point, but there are a couple of additional perspectives to be
- especially regarding new functionality that will be locked to HTTPS

> there's no way around that with the alt-svc scheme, that seems like a huge
> oversight.

Respecting AltSvc on port 80 would be as dangerous, possibly more
dangerous, than cleartext HTTP already is; and regards the notion of making
"onion" into a widely respected secure source equivalent to a HTTPS site,
please see the above essay.

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to