[tor-talk] Blockchain.info Tor Hidden Service + Signed Certificate
Nik Cubrilovic
nikcub at gmail.com
Wed Dec 3 18:22:26 UTC 2014
On Thu, Dec 4, 2014 at 4:55 AM, Runa A. Sandvik <runa.sandvik at gmail.com> wrote:
>
> Can you elaborate on why Blockchain wanted an SSL certificate on its
> .onion site?
>
A few reasons:
1. When they announced the first hidden site on Saturday which was
plain HTTP[0] there was a clone up within an hour and despite the
official blockchain twitter and reddit accounts linking to the onion
others spammed the clone link(s) which lead users asking to what is
real/not[1]
2. User expectation - thinking a "legitimate" hidden service should
have a signed and valid certificate [2]
3. The users who were MITM'd on exit nodes weren't noticing they were
being ssl stripped, so the chances of getting them into a usage
pattern of checking a 16 character onion address felt slim -
especially when clones can match the first 10 characters and there is
no browser failure mode for not checking the address
4. To defend against the attack type where an attacker creates a clone
onion with close-enough matching address and then MITM exit nodes
where they s/<legitimate hostname>/<clone hostname> in all pages the
user visits.
enforced HTTPS everywhere, including onion sites, solves a lot of
problems and keeps user advice consistent. HTTPS and signed
certificates doesn't have to mean paying a CA - i'd like to see TB
distribute a root for a voluntary onion-oriented CA.
[0] http://blockchatvqztbll.onion
[1] http://www.reddit.com/r/Bitcoin/comments/2npw4p/blockchaininfo_has_an_onion_url_now_or_is_this_a/cmfry83
(spam link deleted and removed by mods)
[2] https://twitter.com/sylvandb/status/538724877344468992
More information about the tor-talk
mailing list