Thanks for your work on this and the explanations on this list. When things cleared up a bit, i'll add them to the manual:
#27820 new task Explain the different approaches to onionify a website http://ea5faa5po25cf7fb.onion/projects/tor/ticket/27820 https://bugs.torproject.org/27820 On Sat, 22 Sep 2018 16:15:08 +0100 Alec Muffett <alec.muff...@gmail.com> wrote: > On Sat, 22 Sep 2018, 16:07 Roman Mamedov, <r...@romanrm.net> wrote: > > > There is no point in running HTTPS-over-Tor-hidden-service, > > as .onion traffic > > is already authenticated and encrypted, it only adds useless > > overhead. > > > I see your point, but there are a couple of additional perspectives > to be considered: > https://medium.com/@alecmuffett/onions-certs-browsers-a-three-way-mexican-standoff-7dc987b8ebc8 > - especially regarding new functionality that will be locked to HTTPS > > > If > > there's no way around that with the alt-svc scheme, that seems like > > a huge oversight. > > > > > Respecting AltSvc on port 80 would be as dangerous, possibly more > dangerous, than cleartext HTTP already is; and regards the notion of > making "onion" into a widely respected secure source equivalent to a > HTTPS site, please see the above essay. > > -a -- traumschule.org gpg fingerprint: 9356 4DED 8546 8D9A C290 3605 12EE 7D70 7111 2056 /otr info OTR: traumsch...@irc.indymedia.org fingerprint: OTR: 35AACA83 4564616C B6EBEC66 56B6B2FC C8D572F1 OTR: traumsch...@irc.oftc.net fingerprint: OTR: D1CCD207 B60C1866 56A975AE ACE090E9 45E90846 OTR: traumsch...@chat.freenode.net fingerprint: OTR: 51BF8BB9 434840CC 24F264BC 76450C27 A6AADB12 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk