[tor-onions] Announcing Onion-Website with x-onion response-header?
ncl at cock.li
ncl at cock.li
Sat Feb 6 19:57:08 UTC 2016
Alec Muffett:
> I have little useful opinion to add to this right now, but there is
> already an existing draft for an "Alternate Service" header - which
> may be relevant or inspirational:
>
> https://tools.ietf.org/html/draft-ietf-httpbis-alt-svc-09
>
> At scale it might be costly to issue a header to all browsers in
> order to advertise an alternate service to some small fraction of
> people whom are actually able to (or desire) to use it.
Martijn Grooten:
> On Thu, Feb 04, 2016 at 03:36:44PM +0000, Alec Muffett wrote:
>> Perhaps only issuing the header to people who access from an exit node, might
>> reduce that cost?
>
> Even so, and especially then, this sound like an easy way for someone
> operating a rogue exit node to get persistent MitM on non-HTTPS sites.
Could onion services be announced via ALPN maybe?
More information about the tor-onions
mailing list