Date: Thu, 24 Dec 2015 21:41:12 +1000
From: Katya Titov <kattitov@yandex.com>
To: tor-talk@lists.torproject.org
Message-ID: <20151224214112.18368519@localhost.localdomain>
In-Reply-To: <CAB7TAMm-hg20SoFKMf_24FS_cMT+g3bnF71N3GcHEW8FU3Xp3g@mail.gmail.com>
References: <CAB7TAMm-hg20SoFKMf_24FS_cMT+g3bnF71N3GcHEW8FU3Xp3g@mail.gmail.com>
X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.25; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Subject: Re: [tor-talk] torpoxy support for forced https

> I suggest torproxy could generate a random CA certificate when it's
> installed and transparently convert all http to https, generating the
> required SSL certificates on-the-fly and signing them with the random
> CA certificate.  The user would then have to add the random CA
> certificate to their browser, or better yet, this could somehow be
> automated for the Tor Browser.  One open question with this scheme is
> whether torproxy would also need to rewrite html content to change
> http urls to https.

This is similar to a method which oppressive governments use to monitor
their users. Not something that Tor should be involved in.

> Alternately, the Tor Project could ask Mozilla and other browser
> developers to add a switch for "treat .onion as secure".  Or maybe it
> could be "treat .onion as secure but only if certain conditions hold,
> such as the proxy is running on the localhost and a to-be-determined
> status query of the proxy succeeds".

.onion sites already are secure. I think what you are looking for is a
way to signal to the user that HTTPS is not required for .onion
sites. I'd lean towards just using HTTPS because that means there is no
further education to be performed. Let's Encrypt could help here.
-- 
kat

