|
| ▲ | charcircuit 11 hours ago | parent | next [-] |
| For example HTTP/2 and HTTP/3 require HTTPS. While technically HTTPS is redundant, .onion sites should avoid requiring browsers to add special casing for them due to their low popularity compared to regular web sites. |
| |
| ▲ | tucnak 7 hours ago | parent [-] | | What are benefits of HTTP/2 and HTTP/3 for Tor hidden service traffic? | | |
| ▲ | charcircuit 5 hours ago | parent [-] | | Considerably faster page load times due to being able to continue to use the same connection for each request. |
|
|
|
| ▲ | rnhmjoj 11 hours ago | parent | prev | next [-] |
| Yes, but browsers moan if you connect to a website without https, no matter if it's on localhost or an onion service. |
| |
| ▲ | creatonez 11 hours ago | parent | next [-] | | Tor Browser handles this, it treats `.onion` as a secure context. | |
| ▲ | tucnak 7 hours ago | parent | prev [-] | | Well, you're not supposed to use Tor from browsers that don't explicitly support it. Tor Browser, Brave, and I'm sure some others really wouldn't mind HTTP hidden service traffic. |
|
|
| ▲ | gizmo686 10 hours ago | parent | prev [-] |
| It would give you a certificate chain which may authenticate the onion service as being operated as who it purports to. Of course, depending on context, a certificate that is useful for that purpose might itself be too much if an information leak |
| |
| ▲ | huhhuh 10 hours ago | parent [-] | | DV certificates (that lets encrypt) provides offer no verification of the owner. EV certificates for .onion could be actually useful though, but one generally has to pay for EV cert. | | |
| ▲ | andrewaylett 5 hours ago | parent [-] | | A certificate that's valid for both a regular domain and an onion domain gives you a degree of confidence of common ownership. |
|
|
