On Sat, 22 Sep 2018, 16:07 Roman Mamedov, <r...@romanrm.net> wrote: > There is no point in running HTTPS-over-Tor-hidden-service, as .onion > traffic > is already authenticated and encrypted, it only adds useless overhead.
I see your point, but there are a couple of additional perspectives to be considered: https://medium.com/@alecmuffett/onions-certs-browsers-a-three-way-mexican-standoff-7dc987b8ebc8 - especially regarding new functionality that will be locked to HTTPS If > there's no way around that with the alt-svc scheme, that seems like a huge > oversight. > Respecting AltSvc on port 80 would be as dangerous, possibly more dangerous, than cleartext HTTP already is; and regards the notion of making "onion" into a widely respected secure source equivalent to a HTTPS site, please see the above essay. -a -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
