[tor-dev] Of CA-signed certs and .onion URIs
Jeremy Rowley
jeremy.rowley at digicert.com
Tue Nov 18 19:14:51 UTC 2014
Thanks George - that is where the discussion is happening. Unfortunately, public participation is really limited in the CAB Forum. However, if you want to help, please reach out to the individuals advocating against the proposal (or submit your suggestions to me) to see if we can get a secure, but useful, process adopted.
-----Original Message-----
From: tor-dev [mailto:tor-dev-bounces at lists.torproject.org] On Behalf Of George Kadianakis
Sent: Tuesday, November 18, 2014 10:55 AM
To: tor-dev at lists.torproject.org
Subject: Re: [tor-dev] Of CA-signed certs and .onion URIs
Tom Ritter <tom at ritter.vg> writes:
> There's been a spirited debate on irc, so I thought I would try and
> capture my thoughts in long form. I think it's important to look at
> the long-term goals rather than how to get there, so that's where I'm
> going to start, and then at each item maybe talk a little bit about
> how to get there. So I think the Tor Project and Tor Browser should:
>
> a) Eliminate self-signed certificate errors when browsing https:// on
> an onion site
> b) Consider how Mixed Content should interact with .onion browsing
> c) Get .onion IANA reserved
> d) Address the problems that Facebook is/was concerned about when
> deploying a .onion
> e) Consider how EV treatment could be used to improve poor .onion
> readability
>
Thanks for all the thoughts Tom!
This is a hard topic and I don't really have strong opinions on this.
Some notes:
- Allowing self-signed certs sounds like a potentially good idea to
me. However, I can hear grarpamp's concerns and it's not obviously
clear to me that it's something we should do.
In general, the whole user education part of this is quite hard to
evaluate, and I don't think I understand the problem well enough to
take a stance.
- In general, having CAs sign onion certificates seems like a good
thing for now. There are threat models that would really benefit
from this, so we should make it a possibility and work with CAs to
get the best out of it.
- I'm not very afraid of CA certificates getting out of control, that
is the community evolving to a point that if an HS doesn't have a CA
certificate it's not considered secure.
This doesn't seem like something that will happen any time soon, and
if it ever happens and we really want to stop it, well it's good we
have a Firefox fork ;)
Personally, I would let this issue develop organically:
In the short-term future, we should help CAs make their certs useful for the onionspace, and we should also make some trac tickets and plans for any Tor modifications we want to do (for example, trusting self-signed certs signed by the HS identity key seems like a generally good idea).
I encourage anyone with good ideas and opinions to get involved with the CA community and help them make this useful. As I understand it, part of the discussion is happening here:
https://cabforum.org/pipermail/public/2014-November/004569.html