Thanks for this brief explanation,
so the main goal of SSL addresses the problem of impersonation.
Isn't there an easier way to implement that somehow in the Tor code than to rely on the (kind of broken) SSL system? But that would only address points 1), 2), 3) and 6)
cheers shadow
On 25.02.2016 17:17, Alec Muffett wrote:
On Feb 25, 2016, at 15:33, shadow <shadow@systemli.org> wrote:
Can anyone explain the advantages of .onion certs?
Having SSL Certificates for Onion addresses can help answer questions like:
"how do I know that this onion address is run by the *real* <insert-company-name>?"
"how do I know that <www-onion-address> and <cdn-onion-address> are run by the same <organisation>?"
"what can I do about <bad people> who set up a look-alike phishing onion site and try fooling people into thinking it's mine?"
"my existing website codebase relies heavily upon 'secure cookies' which can only go over HTTPS; how can I launch an onion site without doing a lot of expensive refactoring of my code merely to support an experiment with Tor?"
"new features in upcoming browsers are going to be locked to HTTPS access - some already are, e.g. webcam access - how can I future-proof?"
And because Ballot-144 was thought about by a bunch of sensible people:
"Onion SSL Certificates are EV-only. But I need a wildcard certificate! Oh, wait, Onion-EV certificates are wildcard-enabled? Cool!"
-a
tor-onions mailing list
tor-onions@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-onions