tor-onions February 2016

tor-onions@lists.torproject.org

30 participants
14 discussions

Announcing Onion-Website with x-onion response-header?
by MacLemon 07 Feb '16

07 Feb '16

Hi! Just an idea: What about announcing that your site is also available via onion-service by sending an x-onion HTTP response header on your HTTPS website? For example: The clearweb site https://www.torproject.org/ could send a header like this: x-onion:http://examplefoobarbaz.onion/ Or in case you can actually provide a valid TLS certificate for your Onion: x-onion:https://examplefoobarbaz.onion/ Another idea would be to also provide the fingerprint of the to-be-expected TLS certificate. This could look like so: x-onion:cert-sha256="1h89m/yelEy6l1poFiXZQbJ1s6BkrOquBl7Fd+0EOO0="; https://examplefoobarbaz.onion/ Similar to what is done with HPKP headers, but without pinning. Follow up question: How could this be done with non-HTTP services? (XMPP, SMTP, etc.) Best regards @MacLemon

6 5

Random Onion Tip
by Alec Muffett 05 Feb '16

05 Feb '16

Happy Friday! Obligatory Onion tip: if you are running a public/onion hybrid site, you probably want to block Tor2web. This may sound weird ("zomg block!") but since you are already on both networks then there is risk and isn't much benefit to being accessible via Tor2web. We actually worked with Fabio/naif from Tor2web to achieve this, to keep people safer: https://github.com/globaleaks/Tor2web/issues/162 <https://github.com/globaleaks/Tor2web/issues/162> The block is simple: deny (with a helpful message) Onion requests which contain a 'X-Tor2web' header; see the SecureDrop discussion at https://github.com/freedomofpress/securedrop/issues/43 <https://github.com/freedomofpress/securedrop/issues/43> for more context. Whether your message issues or offers a redirect link is a matter of taste. We chose not to. The block is reinforced by those sites which are able to obtain an EV Onion certificate, which hampers use from uncertificated domains. -a

1 0

IRC Idea
by Alec Muffett 04 Feb '16

04 Feb '16

#tor-onions on OFTC?

5 4

Onion Mirrors
by Jonathan Marquardt 01 Feb '16

01 Feb '16

Hello onions! I just wanted to tell you about a new Onion Service I set up. Onion Mirrors is a project dedicated to setting up file mirrors as Onion Services. URL: http://onionmirors63y7c.onion/ Right now, since the project just started, there's only a Debian archive mirror. Please tell me what you think about this and use the mirror as you please. :) Parckwart

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

tor-onions February 2016