* on the Wed, Apr 30, 2014 at 09:32:03AM +0200, Werner Koch wrote: > as part of the Crowdfunding campaign, I promised to offer an onion > address for wwww.gnupg.org . Well, being a well known site, it does not > really make much sense to have it as a hidden service; but if > www.gnupg.org is accessed anyway via tor we could also avoid the extra > TLS layer and and allow direct access via tor: > > ic6au7wa3f6naxjq.onion > > Note that lists.gnupg.org and some other services are not yet available > via an onion address.
I just did a quick "wget ic6au7wa3f6naxjq.onion" and inspected the HTML and noticed that some of the links are absolute and refer to www.gnupg.org, which would take people away from the none-hidden version of the site. Example: <a href="http://www.gnupg.org/aegypten/";>Aegypten</a> Links like that should probably be made relative. Also, note that the link there is none-https, which would redirect people out of the "secure" version of the site if they're using a browser which does not support HSTS, e.g Internet Explorer 11 and below. -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
signature.asc
Description: Digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
