On 21. Jul 2020, at 05:58, Matthew Finkel <sysrqb@torproject.org> wrote:
On Tue, Jul 21, 2020 at 01:47:40AM +0200, Sebastian Hahn wrote:
If there were some sensible way to have https which terminates at their end while they don't have to operate a hidden service, I am pretty sure we could work something out and I would obviously go for it.
I like Ian's example, if that is an option. I see that nginx supports something similar, too. I can imagine a hacky socat solution, too (but a reverse proxy is less of a duct-tape-and-chewing-gum design).
I also like Ian's suggestion, but it is not a fix. There's no end to end https between browser and webserver, users still need to trust me to not modify traffic. It only gets rid of the transport issue (which I don't worry about too much in this instance, tbh).
Cheers
Sebastian