[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Deploying Alt-Svc on your own website. Hello?
Thanks for your work on this and the explanations on this list. When
things cleared up a bit, i'll add them to the manual:
#27820 new task
Explain the different approaches to onionify a website
http://ea5faa5po25cf7fb.onion/projects/tor/ticket/27820
https://bugs.torproject.org/27820
On Sat, 22 Sep 2018 16:15:08 +0100
Alec Muffett <alec.muffett@xxxxxxxxx> wrote:
> On Sat, 22 Sep 2018, 16:07 Roman Mamedov, <rm@xxxxxxxxxxx> wrote:
>
> > There is no point in running HTTPS-over-Tor-hidden-service,
> > as .onion traffic
> > is already authenticated and encrypted, it only adds useless
> > overhead.
>
>
> I see your point, but there are a couple of additional perspectives
> to be considered:
> https://medium.com/@alecmuffett/onions-certs-browsers-a-three-way-mexican-standoff-7dc987b8ebc8
> - especially regarding new functionality that will be locked to HTTPS
>
>
> If
> > there's no way around that with the alt-svc scheme, that seems like
> > a huge oversight.
> >
>
>
> Respecting AltSvc on port 80 would be as dangerous, possibly more
> dangerous, than cleartext HTTP already is; and regards the notion of
> making "onion" into a widely respected secure source equivalent to a
> HTTPS site, please see the above essay.
>
> -a
--
traumschule.org
gpg fingerprint:
9356 4DED 8546 8D9A C290 3605 12EE 7D70 7111 2056
/otr info
OTR: traumschule@xxxxxxxxxxxxxxxxx fingerprint:
OTR: 35AACA83 4564616C B6EBEC66 56B6B2FC C8D572F1
OTR: traumschule@xxxxxxxxxxxx fingerprint:
OTR: D1CCD207 B60C1866 56A975AE ACE090E9 45E90846
OTR: traumschule@xxxxxxxxxxxxxxxxx fingerprint:
OTR: 51BF8BB9 434840CC 24F264BC 76450C27 A6AADB12
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk