[Tor2web-talk] Fwd: DNSSEC better protecting users?
Fabio Pietrosanti (naif) - lists
lists at infosecurity.ch
Sun Jan 11 10:32:12 CET 2015
On 1/10/15 10:27 PM, Tom Ritter wrote:
> DNSSEC does not provide confidentiality of DNS queries. You would
> need to put the .onion into the path, like
> https://tor2web.org/example0123456.onion/stuff.html
>
> I'm not seeing any reason you couldn't do this, but it would require
> significantly more link rewriting inside tor2web.

That's a recurring topic that has been discussed several times on the
mailing list.

The reasons why we abandoned the x.tor2web.org approach since Tor2web 2 were:
- Cross Site Scripting vulnerability (site A can hack the cookie of site B)
- More difficult rewriting rules needed on the t2w server (that means
more broken websites on tor2web)

Tor2web is a "Web Proxy" and all web proxy software sucks.
They cannot effectively make all websites work with rewriting.

So, the less rewriting we have to do, the greater the chance that a website
will not be broken over Tor2web.

If you look at well-known software such as PHPProxy or GLype or CGIProxy,
there's tons and tons of hackery to make specific websites work.

I feel that we shall try to keep things as simple as possible (from the
header/content/url rewriting perspective) in order to avoid ending up in
the never-ending game of "apply this fix to make this specific website
work".

--
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org - https://ahmia.fi