How would PKCS#11 help? It seems like a standard for cryptographic tokens. Sorry, I don't quite understand. On 6/8/26 11:04 PM, Jeremy Rand wrote:
techmetx11 via tor-dev:
Hi tor-dev mailing list,
Is there a way to capsulate a Tor hidden service Ed25519 private key inside a TLS EE certificate and use it in TLS?
I wanted to use this specifically for XMPP's server-to-server TLS connections, which uses mTLS to prove if the client connecting is who they say they are. Currently with XMPP Tor server-to-server connections, we have to use dialback (telling the server to connect back to the client to authenticate its identity, https://xmpp.org/extensions/ xep-0220.html) to prove it, which is a legacy and insecure form of server-to-server authentication
If this is possible, then it would get rid of a reason to keep dialback around and less roundtrip for the server authentication.
Kind regards,
techmetx11
Hi!
Possible via PKCS#11 (basically the same logic as for TLS server certs), though I haven't written the TLS CCA code paths for that yet. However, probably not desirable in the way that you want. In some setups (e.g. Whonix), the application and the Tor daemon are in different trust domains. If you *replace* the onion dialback authentication with TLS CCA, then anyone who compromises the application can bypass the authentication. Of course, with your current scheme, anyone who compromises the Tor daemon can bypass the authentication. The most secure scheme is probably to do both TLS *and* onion auth, in both directions; that way an attacker would have to compromise both the application and the Tor daemon in order to bypass auth.
Cheers,