[tor-dev] UX improvement proposal: Onion auto-redirects using Onion-Location HTTP header

nusenu nusenu-lists at riseup.net
Sat Sep 22 19:55:00 UTC 2018

(changed the subject to make clear that this is NOT about Alt-Svc anymore)

I assume this is limited to onions for sites that do not aim for server side location anonymity.

> FYI: the proposal is now the first Tor Browser proposal:
> https://gitweb.torproject.org/tor-browser-spec.git/tree/proposals/100-onion-location-header.txt

in the light of the fact that this proposal has been started before
Tor Browser 8 with Alt-Svc support for .onions was a thing (and CF jumping on it [0])
I'm wondering how you think about it compared to what benefits Alt-Svc provides
over what Onion-Location provides?

Are you unsatisfied with what RFC 7838 - HTTP Alternative Services
provides or is "onion address is displayed in URL bar" one of your goals/requirements of this proposal?

Although Alt-Svc does not work reliably _yet_ and the UI part is missing [3]
I find it addresses some rather important issues that 'Onion-Location' does not:

- users get the transport security benefits of .onions without Tor Browser displaying 
hard/impossible to remember/recognize randomly looking strings.

Long randomly looking  strings in the domain part of the URL that would probably 
confuse many users and make it harder to answer the question "Am I still on the page I want to be?" 
(I consider it a major UX improvement that you can display the non 
.onion domain name while the traffic actually goes to the .onion)

- users will use onions transparently 
without asking them questions they probably don't understand or don't want
to be bothered with everytime they visit a website [1]
I believe asking fewer questions, safe defaults and configuration options for advanced users
are some reasonable goals.

- it solves the ".onions can't get DV certs (yet)" issue

[0] https://blog.cloudflare.com/cloudflare-onion-service/
[1] https://trac.torproject.org/projects/tor/attachment/ticket/21952/21952.png
[2] https://trac.torproject.org/projects/tor/ticket/27590
[3] https://trac.torproject.org/projects/tor/ticket/27590#comment:2


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20180922/7a4a25ea/attachment.sig>

More information about the tor-dev mailing list