[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] UX improvement proposal: Onion auto-redirects using Alt-Svc HTTP header
- To: tor-dev@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-dev] UX improvement proposal: Onion auto-redirects using Alt-Svc HTTP header
- From: Iain Learmonth <irl@xxxxxxxxxxxxxx>
- Date: Sat, 7 Jul 2018 19:07:06 +0100
- Autocrypt: addr=irl@xxxxxxxxxxxxxx; prefer-encrypt=mutual; keydata= xsFNBFZp8zEBEACxOYriD+tEuc3Wpnbh+GGnyiaLEMABBrfn6JlDQphbBq/YTz9M9OPkttjx hLL/yrxlM1nD69XbGKQ9gIL3LEgOz9+OdivPbN+Q5iNMqk/WCQUqd3bCFbbsn1yvoTumFy9S 9kYX45Db3jRJoN/Nye6Stf7KKPxHxot14iY+PUR/5Gx5KbeWVKfDtQejGnhxQD73KjrX4wds BAaxnQ7KbjQyUf+IxE+8qSDcyTP+pPqxspVzx+eFqsW5+kK1eJMHxJmY/KsAs6IsGf5lvyDJ JECc2iE0mFS6vc14lGcD7BAYMPRnvlK3OcDlbdJS3ZU0LQu3/AplM7cNcesq2Btm06OUTsbj 10ZiyLi7Q0WZRuUbn7t3jOQVyOlNfjUpJhKPMMobBL2R0KzcptJbUrKc08wZD/TPaXuHKWAE JuA6kFMXtHhV8Qhxz5/d2KUA8ex+zpVd2xSR6q4llcYu1w8zHZtLN+YKSmjjKs+AjiTrCMYs OYxt4cwxuaIIhBNvCC9WqZOxHX7YHmpVcSV6K9Wwhk9mVIU3Ii0G2HWs6OQ0vIueCDGMEdVk ig/a7cVlfXNz7WuaXuhOJmHz6d6Yk4dFn5mLbEY9cZhBxf5hjCwtp9b6v+ueuptfcnOd+38G 9KH6NyHKZyS4jcd3E6Dp0+9Isbl/EohjPCujevoW3/DlT08OKQARAQABzSBJYWluIFIuIExl YXJtb250aCA8aXJsQGZzZmUub3JnPsLBlwQTAQoAQQIbAwULCQgHAwUVCgkICwUWAgMBAAIe AQIXgAIZARYhBKj3ulBB4TMznLoWlnbVgJP1QKvNBQJaa1esBQkF4pf7AAoJEHbVgJP1QKvN BB8P/0iaI8JPpEYyrHnGn5fYrvfDA5QRABOvnk50mK+RsgDLlmh3/4VKVmS4nW+TyfSJ1pkm V+4EU0wM8lJ5fbnteFTqxg2are+RtBfCrpoMY1jRC1nvuxsIKGcy7KOActbKfBDpVm3fB+Hl RDmQgJY1gK0NDiir3YVoCoKtaI5H/TJa4SEXrDg3qcgKoU0Z1irj250o7B0GhcM4MynpwC3S aPtMjerAkbfVhbvp1MGogJoBEroULwzfVNNpBFHFwYWQLgyQc8bLaa6OncuMZDkWQHoUeEiP HBBiIGDujStBFL6+HUg3yiVpT32P0ZfnoSClaGnq8skWAnJtBKc9mww7kfa4hDQol/Hjcm5r ykdXm+SK53QdCxaMC3alHVOdkDekNfoziTfiNE56LqBidWrUG5XSL/9lJZMTm023ToTzejn+ KtiDdRZok80mcJ79quJFPj+L4JUjE3NdgBMdSWnGi9Qgqw7rn6LjOhF4AiyT+2kLwnomGDHf H8Yty+B3gs/BiVVpdRXE2SuoI/xK6Vjq4s3+q0Bl3Zt0sa2s9nsl1kToYkKabYHatERgHWEB VJ357glcnAb5LaX7wGfzPq5tFvKw3u1SFAbRwyV6dUir6B8mfBBDk/IKeSXLc84gEexmPRgP 295wHHaDdbEDhXdlm6gtnVPUX1hQgFR/33/YGp1ZzsFNBFprf6sBEADOANf22so7uoGcvok2 TM/T8BHI5+TqHEc4hVe+JGGJ1ZnWlgtGmpOs0fOQj3WAgGI0ZmTqMuozKF/K9ljbjaMXsLD+ JIBTD4rINy60VX2zHhmWhNaOcJvq+wbuHx0tMbhqsTStGnSkvRhH61ncMqVqlTTTLVQQSxKl 9D2l7ZGwEPLHRFlydTOOix+F+Y1ehxYLVaPkaycs8wvgjYsDLo3T8TmuOL+rcEfvxJ6lT2V5 I51xqievqoBazAfXvA8FW/0G+Z9LUJmViOVluWg3xjP8okKYgOkOeX00vMBCVaiEA08oaxY0 ebS7uBEgppjWSwn+WAhB+6spd67d4W+DmAnM262lxFMhVYhXpfeV9zygULQOofdE6xtFkaxr /y8xQ4Bf7zX8ko6X9aFQFB/vc+zUtjzjg4VaQvWrThjaHlbEKR55MDxJu2T9S7g5bR4zxZNv 36gwlIdmx33a1AeR1nGcWa/7OtoS53+lUwyFVWLOnucqKh71Y38AAMd5L9Fsb+ArQem71knE UTC+HvBGkPb2Y2PzGnnzhZyC8zgE8AjVD0wB+RMDNI3+fIW6biKAHDqrS6ZCVkzJ1R9nOjXM HRYZ5qlG+rCOeu6Jp4yNwp46z4PqiiLJ9NtmdNttLCEn5PDVF3g9g811JcadvFVH1ZELoDGW Mg3Q+QOHQBFYj7cj2QARAQABwsF8BBgBCgAmFiEEqPe6UEHhMzOcuhaWdtWAk/VAq80FAlpr f6sCGwwFCQHhM4AACgkQdtWAk/VAq80LwA//djg9GBhL2YYN57h/dso0V+hvNEFtCCS1sCBD Y5bHWxBMJDc77gY7Uxzf6au9SRj/tQGhqehFc1yTK5/z+FmS8qor/q3DINdRTG6h616RBhug YJkYQPYFoGqH6OwZZ+u4wtAJF9kQyngB97eC13xvrtb8pv3T2ZbMyiYSQgB6odJgSjq+MdxF W4lNdXihLCMbhvlapKwkItE/XZT8YBZW6gyZiCalSjkNITdirjch2twZDiYQIHCmeU4JrLLR gmeWGhfwZSEfq2Kd9WIK2KtTaONYVu7UrLD5WKAx8XX6vjPMyEtylQplyn0j3s5J09vzhfTY QirB4OseU1TQ5StWu4CgVauTRLjz+rm5rHGqZ5wcNdbiLyL7GIva4EvqTqRTiGzqiE/gkdmx +Lf0BKH8m4dVszNMdKjd6eBMnZQg7imjb2zk4UI9LAKSg5BKOXW3+NyiSAjvj7DA06XJ1Y3d b1+KiFDO7EM1729F4CgJk0DKbM4HAq6H1YVbCKk1X3GuWQJzNqYOwnywb5igYymMic2ixM5D MVaSLnWUEaLkW8enGj5wonz3IBtHa8B5tu6MJ87cRiSFbn5eupB7LxJu5SLcFbphvkuSR5oP F4Zy0Fzxq0XOZUs1Do/EZCWYZZl8cIRP/JcsE0N2HQixAVRoBAs5MkMw1+NaiVgrd0v6/ik=
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Sat, 07 Jul 2018 14:07:24 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; bh=tcEEM5bdlFm1Cnnc29eREtgzQIT57 ++vU2TkGj6wMyE=; b=AGED6kV4myJYDI0alF9uwBSmKe0r8pDqn76Dk0eaEVUyM C++NkF0BDL0UQKlGWa8dYPIpCkNeIhFUaW6MDOvgubiNfXol/+ew9h2h5QsHx0x+ cmCtm6QPI99MLI6mheo8sRKeL8woxkttTehynZFEI8ky+Zyq7YqcOJTISpZ6Z3E5 vT5qdKVkggwMSFyqP0CAhHzr0BdEtLHH0SxUxC6v80HuHxCPief/BWfEyyfP/EQT HeDJtmSZxrsv8axabJqJNDm+W0BH/BxYb9c+OLfC/sqerVmiI8f7lxpGYR7la9hy SYo0J1D1ozXZZATSBOhx4/dsfZ28OQ7CIwnAlhXqA==
- In-reply-to: <87fu6j8ywr.fsf@riseup.net>
- List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
- List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
- List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
- List-post: <mailto:tor-dev@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
- Openpgp: preference=signencrypt
- Organization: Tor Project
- References: <87ined2fbo.fsf@riseup.net> <878ted6yzq.fsf@riseup.net> <9772edff-d447-fa8b-2523-5a348ff9875a@torproject.org> <87fu6j8ywr.fsf@riseup.net>
- Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
Hi,
I've had a go at implementing this for my personal blog. Here are some
things:
> We introduce a new HTTP header called "Onion-Location"
> with the exact same restrictions and semantics as the
> Location HTTP header. Websites can use the Onion-Location
> HTTP header to specify their onion counterpart, in the
> same way that they would use the Location header.
>
> Example:
> Onion-Location: http://vwc43ag5jyewlfgf.onion
This example is perhaps not the best example. I tried to get things
working with the Healthy Onions add-on, but found that the developer had
interpreted this to mean that the Onion-Location value is just a
replacement for the protocol and domain parts of the URL, not a
replacement for the whole URL.
There may not be a 1:1 mapping in the URL space between the two URL
domains. At the very least, I would add a trailing slash (/) to the
example. The Healthy Onions developer seems to expect the string to end
with ".onion".
My personal website is a static site (mostly). In my implementation, I
took a list of all possible HTML URLs (excluding images, stylesheets,
etc.) and generated a list of corresponding onion locations.
I figured that being a blog, people often link to individual pages
instead of just to my homepage (which is probably the least useful page
on the site). Having the Onion-Location header on every page someone
could land on gives the best chance that they will discover the onion
service.
But then I realised that some of the locations I had generated
Onion-Locations for would also be serving Location headers as they were
old URLs. What should a browser do in this case? What should an
implementer do? In my implementation, I've thrown in the Onion-Location
headers regardless of whether or not a Location header is also present
because it was easier.
It could be preferable that the redirection is followed after switching
to the Onion service (i.e. Location header is ignored until user
responds to the Onion-Location header prompt), but this would mean the
page wouldn't have loaded before you get the prompt to go to the Onion
service, which may be confusing for users. Alternatively, if the page
has a Location header then the Onion-Location header should be ignored.
Thanks,
Iain.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev