[tor-onions] SSL certificates for hidden services/.onion domains
shadow
shadow at systemli.org
Fri Feb 26 14:53:25 UTC 2016
Thanks for this brief explanation,
so the main goal of SSL addresses the problem of impersonation.
Isn't there an easier way to implement that somehow in the Tor code,
than to rely on the (kind of broken) SSL system? But that would only
address point 1), 2), 3) and 6)
cheers shadow
On 25.02.2016 17:17, Alec Muffett wrote:
>
>> On Feb 25, 2016, at 15:33, shadow <shadow at systemli.org> wrote:
>>
>> Can anyone explain the advantages of .onion certs?
>
> Having SSL Certificates for Onion addresses can help answer questions like:
>
> 1) "how do I know that this onion address is run by the *real* <insert-company-name>?"
>
> 2) "how do I know that <www-onion-address> and <cdn-onion-address> are run by the same <organisation>?"
>
> 3) "what can I do about <bad people> who set up a look-alike phishing onion site and try fooling people into thinking it's mine?"
>
> 4) "my existing website codebase relies heavily upon 'secure cookies' which can only go over HTTPS; how can I launch an onion site without doing a lot of expensive refactoring of my code merely to support an experiment with Tor?"
>
> 5) "new features in upcoming browsers are going to be locked to HTTPS access - some already are, eg: webcam access - how can i futureproof?"
>
> And because Ballot-144 was thought about by a bunch of sensible people:
>
> 6) "Onion SSL Certificates are EV-only. But I need a wildcard certificate! Oh, wait, Onion-EV certificates are wildcard-enabled? Cool!"
>
> -a
>
> _______________________________________________
> tor-onions mailing list
> tor-onions at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-onions
>
--
best regards | viele Gruesse, shadow at systemli.org
receive my key:
gpg --keyserver zimmermann.mayfirst.org --recv-keys 0x5C6B6ED4248C1F32
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-onions/attachments/20160226/54adff71/attachment.sig>
More information about the tor-onions
mailing list