Date: Wed, 16 Dec 2015 09:23:35 -0500
Message-ID: <CAB7TAMm-hg20SoFKMf_24FS_cMT+g3bnF71N3GcHEW8FU3Xp3g@mail.gmail.com>
From: Allen <allenpmd@gmail.com>
To: tor-talk@lists.torproject.org
Subject: [tor-talk] torproxy support for forced https
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>

>
> To get all the ways in which web browsers treat https differently
> from http: mixed content warnings, cookie policies etc. pp.
> Browsers won't special-case .onion as 'like https', and should not
> because whether they actually are depends on things outside the
> browser.
>

I suggest torproxy could generate a random CA certificate when it's
installed and transparently convert all http to https, generating the
required SSL certificates on-the-fly and signing them with the random CA
certificate.  The user would then have to add the random CA certificate to
their browser, or better yet, this could somehow be automated for the Tor
Browser.  One open question with this scheme is whether torproxy would also
need to rewrite html content to change http urls to https.

Alternately, the Tor Project could ask Mozilla and other browser
developers to add a switch for "treat .onion as secure".  Or maybe it could
be "treat .onion as secure but only if certain conditions hold, such as the
proxy is running on the localhost and a to-be-determined status query of
the proxy succeeds".
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
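Allen's first proposal sketched in working code, as an added example that is not from this thread or from any Tor Project code: a random per-install root CA, a server certificate minted on first contact with each onion host, and the chain check a browser makes once the user has imported that root. The root here also carries a critical X.509 name constraint limiting it to .onion, which the message does not mention; it is what keeps a leaked proxy CA key from forging certificates for clearnet sites. Function names and the placeholder hostnames are assumptions, and Go's standard library is used because it can both issue certificates and enforce name constraints with no extra dependencies.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mint generates a P-256 key and issues tmpl under parent, valid for days; a nil parent self-signs.
func mint(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey, days int) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, signer = tmpl, key
	}
	tmpl.SerialNumber, _ = rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127)) // browsers reject reused serials
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().AddDate(0, 0, days)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}
// NewOnionCA is the random per-install root (hypothetical name); its critical name constraint stops a leaked key from vouching for non-.onion hosts.
func NewOnionCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return mint(&x509.Certificate{
		Subject: pkix.Name{CommonName: "torproxy local .onion CA"}, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign, PermittedDNSDomainsCritical: true, PermittedDNSDomains: []string{".onion"},
	}, nil, nil, 5*365)
}
// LeafFor mints the short-lived server certificate the proxy would present for one onion host.
func LeafFor(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return mint(&x509.Certificate{
		DNSNames: []string{host}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca, caKey, 7)
}
// Trusted is the check a browser makes after importing ca: chain, hostname and name constraints.
func Trusted(ca, leaf *x509.Certificate, host string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}
```

The CA key can still sign a leaf for a clearnet name, and it is Trusted, not mint, that rejects it; that is the property a user importing such a root should insist on.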

