diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/spec/proposals/131-verify-tor-usage.txt | 35 |
1 files changed, 32 insertions, 3 deletions
diff --git a/doc/spec/proposals/131-verify-tor-usage.txt b/doc/spec/proposals/131-verify-tor-usage.txt index 0620928c0..bbc0b3634 100644 --- a/doc/spec/proposals/131-verify-tor-usage.txt +++ b/doc/spec/proposals/131-verify-tor-usage.txt @@ -68,7 +68,7 @@ Extensions: configuration could include the following HTML: <h2>Connection chain</h2> <ul> - <li>Tor 0.1.2.14-alpha + <li>Tor 0.1.2.14-alpha</li> <!-- Tor Connectivity Check: success --> </ul> @@ -78,8 +78,8 @@ Extensions: browser: <h2>Connection chain <ul> - <li>Tor 0.1.2.14-alpha - <li>Polipo version 1.0.4 + <li>Tor 0.1.2.14-alpha</li> + <li>Polipo version 1.0.4</li> <!-- Tor Connectivity Check: success --> </ul> @@ -92,6 +92,35 @@ Extensions: loaded then the user will know that external connectivity through Tor works. + Automatic Firefox Notification: + + All forms of the website should return valid XHTML and have a + hidden link with an id attribute "TorCheckResult" and a target + property that can be queried to determine the result. For example, + a hidden link would convey success like this: + + <a id="TorCheckResult" target="success" href="/"></a> + + failure like this: + + <a id="TorCheckResult" target="failure" href="/"></a> + + and DNS leaks like this: + + <a id="TorCheckResult" target="dnsleak" href="/"></a> + + Firefox extensions such as Torbutton would then be able to + issue an XMLHttpRequest for the page and query the result + with resultXML.getElementById("TorCheckResult").target + to automatically report the Tor status to the user when + they first attempt to enable Tor activity, or whenever + they request a check from the extension preferences window. + + If the check website is to be themed with heavy graphics and/or + extensive documentation, the check result itself should be + contained in a seperate lightweight iframe that extensions can + request via an alternate url. + Security and resiliency implications: What attacks are possible? |