[tor-bugs] #33568 [Applications/Tor Browser]: Namecoin for TLS certificate validation

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 9 08:22:05 UTC 2020


#33568: Namecoin for TLS certificate validation
-------------------------+------------------------------------------
 Reporter:  JeremyRand   |          Owner:  tbb-team
     Type:  enhancement  |         Status:  new
 Priority:  Medium       |      Component:  Applications/Tor Browser
  Version:               |       Severity:  Normal
 Keywords:  namecoin     |  Actual Points:
Parent ID:               |         Points:
 Reviewer:               |        Sponsor:
-------------------------+------------------------------------------
 Namecoin can provide DANE-style functionality for TLS certificate
 validation.  This would enable validating trust of TLS certificates for
 onion services that have a Namecoin domain (relevant for Whonix-style
 trust models) without relying on public CAs, and would also make it
 harder for MITM attacks against exit traffic to be performed (if Namecoin
 support for exit traffic were added to Tor Browser).

 Firefox does not natively support DANE, but we (the Namecoin devs) have
 identified a way to get DANE-like functionality in Firefox with no code
 patches to Firefox (we're using the PKCS11 "FindObjects" API to achieve
 this).  Some small code patches to Firefox would make the code cleaner,
 but this wouldn't be required.

 I assume this is a lower priority than the existing Namecoin support for
 onion services that's currently in Tor Browser Nightly, but Matt asked me
 to file a ticket for it anyway since it came up in one of the Tor Browser
 IRC meetings.

 (As a side note, Namecoin's approach for getting DANE-like functionality
 in Firefox would probably be equally workable for the .onion TLD, so this
 might also allow things like putting a TLSA record in an onion service
 descriptor, without relying on Namecoin itself at all.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33568>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online