[tor-dev] Proposal 203: Avoiding censorship by impersonating an HTTPS server

Tom Ritter tom at ritter.vg
Wed Jul 11 21:58:49 UTC 2012

On 11 July 2012 14:43, Jens Kubieziel <maillist at kubieziel.de> wrote:
> * Nick Mathewson schrieb am 2012-06-26 um 00:23 Uhr:
>> Side note: What to put on the webserver?
>>    To credibly pretend not to be ourselves, we must pretend to be
>>    something else in particular -- and something not easily identifiable
>>    or inherently worthless.  We should not, for example, have all
>   We could also present some page which looks like a valid login page or
>   a fresh installation (Apache, Mediawiki or something other popular).
>   Another similar idea is it to deliver some error page, like a blank
>   page with a MySQL-, PHP-, Tomcat or any other error message.

Or perhaps a 401 Authorization Required message, with a randomly
generated realm/name.  I think a lot of things would break if a censor
blocked all such prompts.


More information about the tor-dev mailing list