Michael Wolf: > On 5/13/2014 7:24 PM, Patrick Schleizer wrote: >> darkweb-everywhere >> >> "HTTPS Everywhere rulesets for hidden services and eepsites." >> >> https://github.com/chris-barry/darkweb-everywhere >> > > I had an idea recently that might be an improvement (or might not?) on > the darkweb-everywhere concept. What if we introduced an HTTP header > similar to HSTS -- `X-Onion-Address` perhaps -- which could be sent by > sites that wished to advertise their .onion address? Just like HSTS, > the header would only be acted upon if received over HTTPS (we don't > want malicious parties injecting headers and redirecting people). > Future versions of TBB could perhaps automatically redirect users to the > .onion site when this header is present, or perhaps prompt users to > inform them of the hidden service. > > -- Mike >
Sounds good! Should some.clearnet.domain/some/thing send X-Onion-Address: xxx.onion/some/thing or X-Onion-Address: xxx.onion ? And vice versa, should .onion addresses send a HTTP header `X-Clearnet-Address`? To do it right, should it also support parameters that HSTS supports, such as max-age=15768000 / includeSubdomains? Can we implement that header already today or would changes in apache be required? -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
