[tor-onions] Announcing Onion-Website with x-onion response-header?
MacLemon
tor at maclemon.at
Thu Feb 4 14:16:40 UTC 2016
Hi!
Just an idea:
What about announcing that your site is also available via onion-service by sending an x-onion HTTP response header on your HTTPS website?
For example:
The clearweb site https://www.torproject.org/ could send a header like this:
x-onion:http://examplefoobarbaz.onion/
Or in case you can actually provide a valid TLS certificate for your Onion:
x-onion:https://examplefoobarbaz.onion/
Another idea would be to also provide the fingerprint of the to-be-expected TLS certificate. This could look like so:
x-onion:cert-sha256="1h89m/yelEy6l1poFiXZQbJ1s6BkrOquBl7Fd+0EOO0="; https://examplefoobarbaz.onion/
Similar to what is done with HPKP headers, but without pinning.
Follow up question:
How could this be done with non-HTTP services? (XMPP, SMTP, etc.)
Best regards
@MacLemon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-onions/attachments/20160204/1d88bc68/attachment.sig>
More information about the tor-onions
mailing list