xg15 | 5 days ago
This seems like a general problem of using search on onion. I don't really understand how this is supposed to work at all, honestly. Either you already know the domain you want to visit or you don't. If you do, you don't need search. If you don't, how could you be sure that any search results are for the real site and not an MITM proxy?
keepamovin | 5 days ago
A bit circular. How do you know the domain? Trust. I like this “onion pinning” possibility: There is value in exposing the existence of an onion site via CT Logs. If someone navigates to the plain web version of a site, and is presented with a certificate containing a Subject Alternative Name (SAN) for both the plain web and the onion site, that provides a strong cryptographic guarantee that they are the same site. Effectively this would replace the Onion-Location header with something more authenticated.
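A sketch of the client-side check the comment above describes, added here as an example and not part of the thread or of any Tor or browser code: given the SAN list of an already-validated certificate, it returns onion names only when the same certificate also covers the host that was visited, and it checks each onion name against the v3 address checksum. The function names and the sample certificate are assumptions constructed for illustration.

```python
import base64
import hashlib

ONION_VERSION = b"\x03"

def onion_checksum(pubkey: bytes) -> bytes:
    # v3 address checksum: SHA3-256(".onion checksum" || pubkey || version)[:2]
    return hashlib.sha3_256(b".onion checksum" + pubkey + ONION_VERSION).digest()[:2]

def encode_onion(pubkey: bytes) -> str:
    """Build a v3 onion hostname from a 32-byte public key."""
    raw = pubkey + onion_checksum(pubkey) + ONION_VERSION
    return base64.b32encode(raw).decode().lower() + ".onion"

def is_valid_v3_onion(name: str) -> bool:
    """True if the label before .onion is 56 base32 chars with a good checksum."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1] != "onion" or len(labels[-2]) != 56:
        return False
    try:
        raw = base64.b32decode(labels[-2].upper())
    except ValueError:  # covers binascii.Error for non-base32 characters
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == ONION_VERSION and checksum == onion_checksum(pubkey)

def host_matches(san: str, host: str) -> bool:
    """Exact match, or a wildcard covering exactly one leftmost label."""
    san, host = san.lower(), host.lower()
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return san == host

def pinned_onions(cert: dict, visited_host: str) -> list:
    """Onion SANs of a certificate that also covers visited_host."""
    # `cert` has the shape returned by ssl.SSLSocket.getpeercert() after a
    # verified handshake; an unverified connection yields an empty dict.
    dns = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(host_matches(n, visited_host) for n in dns):
        return []
    return [n for n in dns if is_valid_v3_onion(n)]

# Constructed sample: the 32 key bytes are filler, not a real service key.
SAMPLE_ONION = encode_onion(bytes(range(32)))
SAMPLE_CERT = {"subjectAltName": (("DNS", "example.com"), ("DNS", SAMPLE_ONION))}
```

The result is only as trustworthy as the certificate validation that produced the SAN list, so the check belongs after chain and hostname verification, never on a certificate taken from an unverified connection.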