28 Jan
2016
28 Jan
'16
8:06 p.m.
On 28 Jan 2016, at 00:06, Andreas Krey a.krey@gmx.de wrote:
(It also occurred to me that you don't actually need to be the clearservice org to be able to set up an onion for them, as long as there is no https enforced/needed on the onion side.)
Yes, which is a bit of a security nightmare. Malicious onion sites proxying clearnet or onion sites is a known issue.
There was a post on tor-talk about it recently: https://lists.torproject.org/pipermail/tor-talk/2016-January/040038.html
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F