diff options
| author | Steven Murdoch <Steven.Murdoch@cl.cam.ac.uk> | 2008-03-19 10:49:33 +0000 |
|---|---|---|
| committer | Steven Murdoch <Steven.Murdoch@cl.cam.ac.uk> | 2008-03-19 10:49:33 +0000 |
| commit | 985e8543a3586492b25311cd0573d51678f039c7 (patch) | |
| tree | 24b32a62130667d9118215108b9763a8e0396d4d /proposals/131-verify-tor-usage.txt | |
| parent | 51e9c4b45445dae0a26c2b4a21e6a726a9520287 (diff) | |
| download | torspec-985e8543a3586492b25311cd0573d51678f039c7.tar.gz torspec-985e8543a3586492b25311cd0573d51678f039c7.zip | |
Added Automatic Firefox Notification extension to the verify-tor-usage proposal (thanks Mike Perry)
svn:r14128
Diffstat (limited to 'proposals/131-verify-tor-usage.txt')
| -rw-r--r-- | proposals/131-verify-tor-usage.txt | 35 |
1 files changed, 32 insertions, 3 deletions
diff --git a/proposals/131-verify-tor-usage.txt b/proposals/131-verify-tor-usage.txt index 0620928..bbc0b36 100644 --- a/proposals/131-verify-tor-usage.txt +++ b/proposals/131-verify-tor-usage.txt @@ -68,7 +68,7 @@ Extensions: configuration could include the following HTML: <h2>Connection chain</h2> <ul> - <li>Tor 0.1.2.14-alpha + <li>Tor 0.1.2.14-alpha</li> <!-- Tor Connectivity Check: success --> </ul> @@ -78,8 +78,8 @@ Extensions: browser: <h2>Connection chain <ul> - <li>Tor 0.1.2.14-alpha - <li>Polipo version 1.0.4 + <li>Tor 0.1.2.14-alpha</li> + <li>Polipo version 1.0.4</li> <!-- Tor Connectivity Check: success --> </ul> @@ -92,6 +92,35 @@ Extensions: loaded then the user will know that external connectivity through Tor works. + Automatic Firefox Notification: + + All forms of the website should return valid XHTML and have a + hidden link with an id attribute "TorCheckResult" and a target + property that can be queried to determine the result. For example, + a hidden link would convey success like this: + + <a id="TorCheckResult" target="success" href="/"></a> + + failure like this: + + <a id="TorCheckResult" target="failure" href="/"></a> + + and DNS leaks like this: + + <a id="TorCheckResult" target="dnsleak" href="/"></a> + + Firefox extensions such as Torbutton would then be able to + issue an XMLHttpRequest for the page and query the result + with resultXML.getElementById("TorCheckResult").target + to automatically report the Tor status to the user when + they first attempt to enable Tor activity, or whenever + they request a check from the extension preferences window. + + If the check website is to be themed with heavy graphics and/or + extensive documentation, the check result itself should be + contained in a seperate lightweight iframe that extensions can + request via an alternate url. + Security and resiliency implications: What attacks are possible? |