[HTTPS-Everywhere] "darkweb everywhere" extension
Alex Xu
alex_y_xu at yahoo.ca
Mon Nov 3 05:08:23 PST 2014
On 03/11/14 12:48 AM, yan wrote:
> +tor-dev. tl;dr: Would be nice if there were an HTTP response header
> that allows HTTPS servers to indicate their .onion domain names so that
> HTTPS Everywhere can automatically redirect to the .onion version in the
> future if the user chooses a "use THS when available" preference.
>
> I imagine the header semantics and processing would be similar to HSTS.
> It would only be noted when sent over TLS and have the max-age and
> include-subdomains fields.
>
> -yan
>
> yan wrote:
>> Hi all,
>>
>> Some people have requested for the "Darkweb Everywhere" extension [1] to
>> be integrated into HTTPS Everywhere. This is an extension for Tor
>> Browser that redirects users to the Tor Hidden Service version of a
>> website when possible.
>>
>> I'm supportive of the idea; however, I'm worried that since .onion
>> domain names are usually unrelated to a site's regular domain name, a
>> malicious ruleset would be hard to detect. AFAIK Darkweb Everywhere only
>> defends against this by publishing a doc in their Github repo that cites
>> evidence for each ruleset [2].
>>
>> What if, instead, we asked website owners to send an HTTP header that
>> indicates the Tor Hidden Service version of their website? Then HTTPS
>> Everywhere could cache the result (like HSTS) and redirect to the THS
>> version automatically in the future if the user opts-in.
>>
>> If this is something that EFF/Tor would be willing to advocate for, I
>> would be happy to draft a specification for the header syntax and
>> intended UA behavior.
>>
>> Thanks,
>> Yan
>>
>>
>> [1] https://github.com/chris-barry/darkweb-everywhere/
>> [2]
>> https://github.com/chris-barry/darkweb-everywhere/blob/master/doc/EVIDENCE.md
>> _______________________________________________
>> HTTPS-Everywhere mailing list
>> HTTPS-Everywhere at lists.eff.org
>> https://lists.eff.org/mailman/listinfo/https-everywhere
>>
>
> _______________________________________________
> HTTPS-Everywhere mailing list
> HTTPS-Everywhere at lists.eff.org
> https://lists.eff.org/mailman/listinfo/https-everywhere
>
https://lists.torproject.org/pipermail/tor-talk/2014-May/032906.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20141103/7ea26cfe/attachment.sig>
More information about the HTTPS-Everywhere
mailing list