[tor-dev] HTTPS and Tor Onion v3 Services

Chad Retz chad.retz at gmail.com
Fri Dec 28 17:51:50 UTC 2018


"That said multiple layers of crypto cannot hurt, Facebook for example
uses this approach."

The first part is not strictly true. For the second part, FB uses an
identity-verified EV cert from a known CA to let their users confirm
their identity, not for increased encryption. Creating an onion
service is essentially creating a self-signed cert, so no, I'd say not
worth the effort to do it again at the HTTP level.

Chad

On Fri, Dec 28, 2018 at 11:17 AM Nathaniel Suchy <me at lunorian.is> wrote:
>
> Hi everyone,
>
> So I have an idea which may or may not be a possibility. Currently Tor Onion Services do not need HTTPS since they are already end-to-end encrypted. That said multiple layers of crypto cannot hurt, Facebook for example uses this approach. So I have the idea of some sort of mechanism that lets you sign a self-signed TLS certificate with your Onion Service's hs_ed25519_secret_key and Tor Browser trusting the TLS certificate based on this signature. Would this approach work? Would it be worth the effort? Look forward to hearing your thoughts :)
>
> Cordially,
> Nathaniel Suchy

