[tor-bugs] #15575 [Ooni]: Add test for HTTP Opportunistic Encryption
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Apr 3 09:32:06 UTC 2015
#15575: Add test for HTTP Opportunistic Encryption
-------------------------+-------------------------
Reporter: reezer | Owner: hellais
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Ooni | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-------------------------+-------------------------
With Firefox and Chrome now supporting Opportunistic Encryption of HTTP in
order to avoid a passive attacker stripping or modifying that header may
be a worthwhile attack. It should probably be explicitly checked for, as
modifying this particular header has a great chance for being an actual
attack on a website supporting it.
Blog Articles on the Header:
http://bitsup.blogspot.co.at/2015/03/opportunistic-encryption-for-
firefox.html
http://blog.alteroot.org/articles/2015-03-28/HTTP-alternative-services-
and-opportunistic-encryption.html
RFC explaining the Header:
https://tools.ietf.org/html/draft-ietf-httpbis-alt-svc-04
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15575>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list