[tor-dev] Proposal 203: Avoiding censorship by impersonating an HTTPS server
tom at ritter.vg
Wed Jul 11 21:58:49 UTC 2012
On 11 July 2012 14:43, Jens Kubieziel <maillist at kubieziel.de> wrote:
> * Nick Mathewson schrieb am 2012-06-26 um 00:23 Uhr:
>> Side note: What to put on the webserver?
>> To credibly pretend not to be ourselves, we must pretend to be
>> something else in particular -- and something not easily identifiable
>> or inherently worthless. We should not, for example, have all
> We could also present some page which looks like a valid login page or
> a fresh installation (Apache, Mediawiki or something other popular).
> Another similar idea is it to deliver some error page, like a blank
> page with a MySQL-, PHP-, Tomcat or any other error message.
Or perhaps a 401 Authorization Required message, with a randomly
generated realm/name. I think a lot of things would break if a censor
blocked all such prompts.
More information about the tor-dev