[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Deploying Alt-Svc on your own website. Hello?
On Sat, 22 Sep 2018 15:28:19 +0100
Ben Tasker <ben@xxxxxxxxxxxxxxx> wrote:
> You need to configure your onion server block to respond on port 443 _and_
> to handle your clearnet host header (and serve a publicly trusted
> certificate matching that name). Alt-Svc tells the browser to use the
> alternate address as a trusted origin for the service it's connecting to,
> so it'll connect to 1234.onion and request www.example.com
Also, do you mean there's no way to have an Alt-Svc with "[...].onion:80",
directing to a plain HTTP connection to the hidden service? (Assuming the
initial request to the clearnet site was on HTTPS.)
There is no point in running HTTPS-over-Tor-hidden-service, as .onion traffic
is already authenticated and encrypted, it only adds useless overhead. If
there's no way around that with the alt-svc scheme, that seems like a huge
oversight.
--
With respect,
Roman
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk