W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: Browsers and .onion names

From: Mark Nottingham <mnot@mnot.net>
Date: Fri, 27 Nov 2015 11:24:57 +1100
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <C21DE943-E841-44C4-9057-8AF51AB4D180@mnot.net>
To: Jacob Appelbaum <jacob@appelbaum.net>
On 26 Nov 2015, at 11:21 pm, Jacob Appelbaum <jacob@appelbaum.net> wrote:
> 
> On 11/26/15, Mark Nottingham <mnot@mnot.net> wrote:
>> Now that we have RFC7686, there's a new requirement applicable to HTTP
>> clients:
>> 
>> """
>> Applications (including proxies) that implement the Tor protocol MUST
>> recognize .onion names as special by either accessing them directly or using
>> a proxy (e.g., SOCKS [RFC1928]) to do so.  Applications that do not
>> implement the Tor protocol SHOULD generate an error upon the use of .onion
>> and SHOULD NOT perform a DNS lookup.
>> """
>> 
>> Is anyone aware of a browser that does this or plans to do so?
> 
> I believe that the Tor Browser properly implements RFC7686.

Thanks, Jake.

I'm wondering specifically about browsers that don't implement the Tor protocol; so far it looks like they don't conform. A few bugs:

https://bugzilla.mozilla.org/show_bug.cgi?id=1228457
https://code.google.com/p/chromium/issues/detail?id=562265
https://github.com/bagder/curl/issues/543
Apple bug 23672882

I don't have a Windows box on hand, would love it if someone could test there and file a bug if appropriate.

Cheers,

--
Mark Nottingham   https://www.mnot.net/
Received on Friday, 27 November 2015 00:25:27 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC