[tor-talk] Motivations for certificate issues for onion services
Seth David Schoen
schoen at eff.org
Thu Aug 10 06:24:00 UTC 2017
Dave Warren writes:
> I don't completely understand this, since outside the Tor world it's
> possible to acquire DV certificates using verification performed on
> unencrypted (HTTP) channels.
>
> Wouldn't the same be possible for a .onion, simply requiring that the
> verification service act as a Tor client? This would be at least as good,
> given that Tor adds a bit of encryption.
I think Roger's reply to my message addresses reasons why I think this
is a good argument, and I'm in agreement with you. However, with
next-generation onion services, it should no longer be necessary to have
any form of this argument.
--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
More information about the tor-talk
mailing list