[tor-talk] Giving Hidden Services some love

Matthew Puckey matt at puckey.org
Mon Jan 5 19:50:01 UTC 2015


On Sun, 04 Jan 2015 13:31:17 -0800
"Jesse B. Crawford" <jesse at jbcrawford.us> wrote:

> On 2015-01-04 02:37, Peter Tonoli wrote:
> > EV certificates don't fix any problem. The validation of a 'legal
> > entity' is purely due to an agreed policy. A rogue, compromised, or
> > alternate CA could release certificates with EV fields that don't
> > 'rigorously' validate the organisation that applies for the
> > certificate.
> 
> I am assuming here that users trust CAs - I think a fair assumption
> for practical purposes since this is the foundation of the current
> open-internet system. 

I'm not sure that is a fair assumption; Comodo for example. Purely
because today a lot of secure communication relies on CAs, I don't
think that is a reason to continue along the same path and not look into
alternatives.

> Fixing the problem in a general way is a much
> more ambitious goal than just extending this assurance to Tor.

I 100% agree the CA issue is a much bigger one than this conversation,
but the situations *are* different.

Saying that, I do understand the "architectural
considerations" (-Facebook) that some large companies might have.

-- 
Matthew Puckey

