Web Browsers and Servers: Arti 1.1.12, nginx, and More
-
Tor ☛ Arti 1.1.12 is released: Now you can test onion services!
Arti is our ongoing project to create a next-generation Tor client in Rust. Now we're announcing the latest release, Arti 1.1.12.
With Arti 1.1.12, it's finally possible to run onion services for testing and experimentation. There are a lot of rough edges and missing security features, so we don't (yet) recommend Arti onion services for production use, or for any purpose that requires privacy.
-
Ruben Schade ☛ Multiple charsets in nginx
You know my post last October about why we should use UTF-8 everywhere? Well, Clara and I cheat with Sasara.moe, our retro themed web server. I wanted these pages readable on our retrocomputers, so I deliver them over standard HTTP with ISO-8859-1.
-
Daniel Stenberg ☛ Funding Stefan’s curl work
The curl fund sponsors curl development in Q1 2024 . The curl fund consists entirely and only of money donated to the project by companies and individuals.
Thank you sponsors!
These two funded projects are first out in 2024.
-
University of Toronto ☛ One of the things limiting the evolution of WebPKI is web servers
One way to make Web PKI better is to make certificate revocation work better, which is to say more or less at all. The Online Certificate Status Protocol (OCSP) would allow browsers to immediately check if a certificate was revoked, but there are a huge raft of problems with that. The only practical way to deploy it is with OCSP Stapling, where web servers would include a proof from the Certificate Authority that their TLS certificate hadn't been revoked as of some recent time. However, to deploy OCSP Stapling, web servers and the environment around them needed to be updated to obtain OCSP responses from the CA and then include these responses as additional elements in the TLS handshake.