[tor-talk] You could use ModX to create .onion sites,

Andreas Krey a.krey at gmx.de
Fri May 24 13:25:46 UTC 2013


On Fri, 24 May 2013 07:22:28 +0000, Tom Ritter wrote:
...
> ... Actually that's not true.  I could have bought a certificate for a
> .onion address, any .onion address, from any CA until the end of 2015.

How that?

>  They're starting to phase them out now so "any CA" is probably not
> correct some "some CAs" would be true.  That's a mildly creepy
> thought, although the HS architecture should protect against that.

Hmm. Actually, we already have a kind of certificate - the HS itself.
What point does certificate verification serve in https to onion
site at all?

Would it be possible to put the server's HS cert keys into the the
SSL negotiation as well and have the browser either verify that
the public key matches the HS name, or not verify at all?
(And take a null cyphersuite as well?)

Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800


More information about the tor-talk mailing list