I have little useful opinion to add to this right now, but there is already an existing draft for an "Alternate Service" header - which may be relevant or inspirational:

    https://tools.ietf.org/html/draft-ietf-httpbis-alt-svc-09

At scale it might be costly to issue a header to all browsers in order to advertise an alternate service to some small fraction of people whom are actually able to (or desire) to use it.

Perhaps only issuing the header to people who access from an exit node, might reduce that cost?

    -a


On Feb 4, 2016, at 14:16, MacLemon <tor@maclemon.at> wrote:

Hi!

Just an idea:
What about announcing that your site is also available via onion-service by sending an x-onion HTTP response header on your HTTPS website?

For example:
The clearweb site https://www.torproject.org/ could send a header like this:
x-onion:http://examplefoobarbaz.onion/

Or in case you can actually provide a valid TLS certificate for your Onion:
x-onion:https://examplefoobarbaz.onion/

Another idea would be to also provide the fingerprint of the to-be-expected TLS certificate. This could look like so:

x-onion:cert-sha256="1h89m/yelEy6l1poFiXZQbJ1s6BkrOquBl7Fd+0EOO0="; https://examplefoobarbaz.onion/
Similar to what is done with HPKP headers, but without pinning.

Follow up question:
How could this be done with non-HTTP services? (XMPP, SMTP, etc.)

Best regards
@MacLemon
_______________________________________________
tor-onions mailing list
tor-onions@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-onions