On Tue, Jul 21, 2020 at 07:52:41PM +0200, Sebastian Hahn wrote:
On 21. Jul 2020, at 05:58, Matthew Finkel sysrqb@torproject.org wrote: On Tue, Jul 21, 2020 at 01:47:40AM +0200, Sebastian Hahn wrote:
If there were some sensible way to have https which terminates at their end while they don't have to operate a hidden service, I am pretty sure we could work something out and I would obviously go for it.
I like Ian's example, if that is an option. I see that nginx supports something similar, too. I can imagine a hacky socat solution, too (but a reverse proxy is less of a ducktape-and-chewing-gum design).
I also like Ian's suggestion, but it is not a fix. There's no end to end https between browser and webserver, users still need to trust me to not modify traffic. It only gets rid of the transport issue (which I don't worry about too much in this instance, tbh).
Yes, the "onion service-in-the-middle" design requires that someone trust the onion service operator (either the client or the website administrator).
In the future, maybe the website can use a SOOC [0] (TLS certificate) with a binding for your onion service. If not, then solving this problem will be difficult without the admin deploying their own onion service and/or using a DV cert containing the .onion address.
[0] https://github.com/alecmuffett/onion-dv-certificate-proposal/blob/master/tex...