Specify HTTP CONNECT implementation and extensions
We'd like to implement and recommend HTTP CONNECT as a preferred proxy mechanism in arti. Before we do so, we should document Tor's behavior in this regard as we do for SOCKS in https://spec.torproject.org/socks-extensions.html.
After we
-
have the status quo documented (!392 (merged))
We can clean up its warts, including:
-
Ad-hoc response codes -
Lack of onion-service informational extensions -
Lack of RFC conformance (if any)
Then we extend it as needed:
-
to support Arti's RPC -
to give a supported method for providing structured isolation information (like first-party isolation) -
to set other per-connection flags, possibly -
to make sure that there's no way for a hostile website to make the browser probe the HTTP CONNECT port. -
to consider a polyglot proxy port that accepts both SOCKS and HTTP CONNECT (if this can be done safely)
Edited by Nick Mathewson