[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #28005 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Officially support onions in HTTPS-Everywhere
#28005: Officially support onions in HTTPS-Everywhere
-------------------------------------------------+-------------------------
Reporter: asn | Owner: legind
Type: defect | Status: new
Priority: Medium | Milestone:
Component: HTTPS Everywhere/EFF-HTTPS | Version:
Everywhere |
Severity: Normal | Resolution:
Keywords: tor-hs https-everywhere tor-ux | Actual Points:
network-team-roadmap-november |
Parent ID: #30029 | Points: 20
Reviewer: | Sponsor:
| Sponsor27-must
-------------------------------------------------+-------------------------
Comment (by asn):
Here are some notes from the plans we made in Stockholm in the meeting
between
me, antonela, sysrqb, redshiftzero, geko and dgoulet:
----
Scope of work:
- First iteration will include onion rules for securedrop websites
(e.g. `nytimes.securedrop.tor.onion -> nyttips4bmquxfzw.onion`)
- Need to add a toolbar button in the ffox UI to show that a redirect
happened
- Rewrite URL in URL bar (only show the human-readable url)
- Add support for viewing rulesets (?)
- See how update channels work and whether we should disable them or not.
Out of scope:
- First iteration will not allow people to easily add their own rules
TLD scheme:
- Three options for tld scheme:
a) nytimes.securedrop.onion (ambiguous and probably unsafe)
b) nytimes.securedrop.tor.onion (safe but bad UX)
c) nytimes.securedrop.tor (good UX but DNS leaks in other browsers)
We decided to ditch (a) from our options and do either (b) or (c). (b)
is the
safest and we should probably roll with that (?).
FPF plan:
- FPF will change their securedrop directory to include ".tor.onion" links
for
their various instances.
Metadata:
- 3 months of work are enough
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28005#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs