On Sat, Jul 7, 2012 at 2:47 PM, Michael Rauch <[email protected]> wrote: > - with PageKite, this probably leads to registering a domain name for a box. > as this is how the regular web works, normal browser/http-client can access > the page/service.
or subdomain, which saves money. we could use per-box startssl certs instead of certs on the proxy, but if the proxy is the apt server anyway then that does not really increase security, and it's annoying that you have to renew them each year. > - with Tor HS, no need to register a domain. as long as you don't loose the > private-key you keep the same .onion address. to access the page/service, > you need a Tor-Browser, Tor-Proxy or go via tor2web though. for mainstream users that would mean going via tor2web, so effectively still a reverse proxy setup. also, the Tor-based setup is not something we have working in production right now on normal Debian PCs, so unlike the pagekite-based setup, it's not readily packageable > > as i understand the proposition, the focus is on allowing unhosted-apps > (JavaScript in an ordinary webbrowser) to access the fbx. yes, that would be one functionality, the other would be privoxy when accessing the internet from within the box's wifi range. > maybe an > unhosted-app could try first the .onion address directly (which succeeds if > a tor-proxy is used) and fallback on tor2web if necessary? if you tell an unhosted web app that you want to connect your remote storage on an onion address, then it will try to do cross-origin XHR to that onion address, yes. it will go to whatever address you give it. i think the main point (for me, at least) is that we want to get a 2013 version out there now, that has functionality for a mainstream user. It would then be updateable through apt as soon as we have more better things working, and then the 2014 version can have full FreedomBuddy-based onion routing. my main open questions for the pagekite-based setup we're proposing are if it makes sense to put ssl-certs on the boxes (i have a feeling that it doesn't), and how we want to do the installation (i think the best way is to connect it via ethernet to the existing ISP-supplied router, and make it emit a wifi access point). _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
