[tor-onions] SSL certificates for hidden services/.onion domains
Alec Muffett
alecm at fb.com
Thu Feb 25 16:17:25 UTC 2016
> On Feb 25, 2016, at 15:33, shadow <shadow at systemli.org> wrote:
>
> Can anyone explain the advantages of .onion certs?
Having SSL Certificates for Onion addresses can help answer questions like:
1) "how do I know that this onion address is run by the *real* <insert-company-name>?"
2) "how do I know that <www-onion-address> and <cdn-onion-address> are run by the same <organisation>?"
3) "what can I do about <bad people> who set up a look-alike phishing onion site and try fooling people into thinking it's mine?"
4) "my existing website codebase relies heavily upon 'secure cookies' which can only go over HTTPS; how can I launch an onion site without doing a lot of expensive refactoring of my code merely to support an experiment with Tor?"
5) "new features in upcoming browsers are going to be locked to HTTPS access - some already are, e.g. webcam access - how can I futureproof?"
And because Ballot-144 was thought about by a bunch of sensible people:
6) "Onion SSL Certificates are EV-only. But I need a wildcard certificate! Oh, wait, Onion-EV certificates are wildcard-enabled? Cool!"
-a