[tor-onions] Announcing Onion-Website with x-onion response-header?
Mirco Bauer
meebey at meebey.net
Sun Feb 7 11:10:02 UTC 2016
[Reply inline]
Am 06.02.2016 3:43 nachm. schrieb "Martijn Grooten" <
martijn at lapsedordinary.net>:
>
> On Thu, Feb 04, 2016 at 03:36:44PM +0000, Alec Muffett wrote:
> > Perhaps only issuing the header to people who access from an exit node,
might
> > reduce that cost?
>
> Even so, and especially then, this sound like an easy way for someone
> operating a rogue exit node to get persistent MitM on non-HTTPS sites.
So accept this header just on https connections and all is well.
I thought of using DNS to advertise onion services via SRV records but that
requires DNSsec, to protect against stripping/downgrade attacks.
Best regards
Mirco Bauer
>
> Martijn.
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEcBAEBAgAGBQJWtgSPAAoJEI5dMs9dIv8ZijgH/jFDIGdwtmnRgMUmEwhxq/hA
> RO650YLi5MOvaL030bWURSQdMlA40bsCnJCrWKIUv0PdOe4Ml2NHG6Tb2Z7cGZ4c
> n3deflDpPrX7FD8HhI26ftrVkEv+1jOD7crfpCUJegijx8Q+YykR2IPVabZgaOZo
> vgi6mJN4LMqb7n5FVdyKOJ2JhowS+ss7xWZetrzpFhk5JUe6f/oYGfDtkUwfYhgx
> i5YnBACAjEF1cXVeu1vi1y9Yd3ILy3+YFDdpxl/ub8yHGx2/SQMYICBZpVIlhio3
> 0Oh7RWc6dOKIve7+61DVTnkZES9cHbNaQ97NOLMjKDZ7HJKvj/THsiHAy6m8vYc=
> =jZnh
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> tor-onions mailing list
> tor-onions at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-onions
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-onions/attachments/20160207/51e43991/attachment.html>
More information about the tor-onions
mailing list