[tor-talk] darkweb-everywhere - was: Using HTTPS Everywhere to redirect to .onion
adrelanos at riseup.net
Wed May 14 01:10:27 UTC 2014
> On 5/13/2014 7:24 PM, Patrick Schleizer wrote:
>> "HTTPS Everywhere rulesets for hidden services and eepsites."
> I had an idea recently that might be an improvement (or might not?) on
> the darkweb-everywhere concept. What if we introduced an HTTP header
> similar to HSTS -- `X-Onion-Address` perhaps -- which could be sent by
> sites that wished to advertise their .onion address? Just like HSTS,
> the header would only be acted upon if received over HTTPS (we don't
> want malicious parties injecting headers and redirecting people).
> Future versions of TBB could perhaps automatically redirect users to the
> .onion site when this header is present, or perhaps prompt users to
> inform them of the hidden service.
> -- Mike
Should some.clearnet.domain/some/thing send
And vice versa, should .onion addresses send a HTTP header
To do it right, should it also support parameters that HSTS supports,
such as max-age=15768000 / includeSubdomains?
Can we implement that header already today or would changes in apache be
More information about the tor-talk