<div dir="ltr"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Hi Raph,</div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><br></div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Whilst I agree that in an ideal world CAs would be irrelevant, we do not live in an ideal world. My proposal is one of many ways that a certificate could be issued to hidden services.</div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><br></div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Issuing standard TLS certificates to .onion domains allows HTTPS without modification to the browser. This allows non Tor Browsers user agents to access the Tor network via a proxy (SOCKS etc), doing otherwise would require all browsers to understand Tor. It also opens up new opportunities such as payment processing as current PCI DSS requirements do not allow non-standard TLS.</div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><br></div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Current hidden services with HTTPS such as the BBC already use standard TLS certificates, however the process for these is extremely involved with current CAs. My IETF draft aims to make this a much simpler process via the already well-proven ACME.</div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><br></div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Thanks,</div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Q<br>
<hr style="height:1px;background-color:#cbd5e0;margin-top:1rem;margin-bottom:1rem;border:0">
<p style="font-size:12px;color:#6c757d">
Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated.
AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company registered in Wales under № <a href='https://e.as207960.net/w4bdyj/KTqT9UhM' target="_blank">12417574</a>.
ICO register №: <a href='https://e.as207960.net/w4bdyj/nDIgvQix' target="_blank">ZA782876</a>.
UK VAT №: GB378323867.
EU VAT №: EU372013983.
Turkish VAT №: 0861333524.
South Korean VAT №: 522-80-03080.
Glauca Digital and the Glauca logo are registered trademarks in the UK, under № UK00003718474 and № UK00003718468, respectively.
</p></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, 27 Apr 2023 at 13:59, Raphaël Fabre <contact@fabco.tech> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div style="font-family:Arial,sans-serif;font-size:14px">Hey</div><div style="font-family:Arial,sans-serif;font-size:14px"><br></div><div style="font-family:Arial,sans-serif;font-size:14px">I've read your proposal, although I'm not sure to grap the totality of it. I'm Raph the lead dev of this project -> <a href='https://e.as207960.net/w4bdyj/Z0C2k2MB' target="_blank">https://dappy.tech</a></div><div style="font-family:Arial,sans-serif;font-size:14px"><br></div><div style="font-family:Arial,sans-serif;font-size:14px">I have a question, since .onion is basically a non ICANN domain name system, why do you care about using Certificate Authorities ? Could you instead store the TLS certificates in the name system, as TXT / CERT records (similar to DANE) ?</div><div style="font-family:Arial,sans-serif;font-size:14px"><br></div><div style="font-family:Arial,sans-serif;font-size:14px">Doing this would allow TOR service providers to not rely on certificate authorities, control their TLS certificates directly (self signed) and <b>do not need at all to renew it</b>.</div><div style="font-family:Arial,sans-serif;font-size:14px"><br></div><div style="font-family:Arial,sans-serif;font-size:14px">happy to chat further</div><div style="font-family:Arial,sans-serif;font-size:14px">Raph</div><div style="font-family:Arial,sans-serif;font-size:14px"><br></div><div>
------- Original Message -------<br>
Le jeudi 27 avril 2023 à 14:45, Q Misell via tor-dev <<a href="mailto:tor-dev@lists.torproject.org" target="_blank">tor-dev@lists.torproject.org</a>> a écrit :<br><br>
<blockquote type="cite">
<div dir="ltr">Hi all,<div><br></div><div>I've spent some time working on ACME for Tor hidden services (you may have seen discussion of this work on the onion-advisors mailing list). Full details of the project are available at <a href='https://e.as207960.net/w4bdyj/IR334wAJ' rel="noreferrer nofollow noopener" target="_blank">https://acmeforonions.org</a>.</div><div><br></div><div>Attached is my proposal for a change to the Tor Rendezvous Specification to support the inclusion of CAA records in hidden service descriptors.</div><div><br></div><div>My fork of Tor implementing publishing these records is available at <a href='https://e.as207960.net/w4bdyj/PgmS75yl' rel="noreferrer nofollow noopener" target="_blank">https://github.com/as207960/tor</a>.</div><div><br></div><div>Thanks,</div><div>Q<br><div><div dir="ltr">
<hr style="height:1px;background-color:rgb(203,213,224);margin-top:1rem;margin-bottom:1rem;border:0px">
<p style="font-size:12px;color:rgb(108,117,125)">
Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated.
AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company registered in Wales under № <a href='https://e.as207960.net/w4bdyj/xqOq0Uik' rel="noreferrer nofollow noopener" target="_blank">12417574</a>.
ICO register №: <a href='https://e.as207960.net/w4bdyj/YYTnEyIO' rel="noreferrer nofollow noopener" target="_blank">ZA782876</a>.
UK VAT №: GB378323867.
EU VAT №: EU372013983.
Turkish VAT №: 0861333524.
South Korean VAT №: 522-80-03080.
Glauca Digital and the Glauca logo are registered trademarks in the UK, under № UK00003718474 and № UK00003718468, respectively.
</p></div></div></div></div>
<p style="display:none;margin:0px;padding:0px;line-height:0"><img alt="" src="https://e.as207960.net/img/w4bdyj/ioLGBYOE3iMf"></p>
</blockquote><br>
</div></blockquote></div>
<p class='ampimg' style='display:none;visibility:none;margin:0;padding:0;line-height:0;'><img src='https://e.as207960.net/img/w4bdyj/dDfWpF56pDsR' alt=''></p>