On Feb 25, 2016, at 15:33, shadow shadow@systemli.org wrote:
Can anyone explain the advantages of .onion certs?
Having SSL Certificates for Onion addresses can help answer questions like:
1) "how do I know that this onion address is run by the *real* <insert-company-name>?"
2) "how do I know that <www-onion-address> and <cdn-onion-address> are run by the same <organisation>?"
3) "what can I do about <bad people> who set up a look-alike phishing onion site and try fooling people into thinking it's mine?"
4) "my existing website codebase relies heavily upon 'secure cookies' which can only go over HTTPS; how can I launch an onion site without doing a lot of expensive refactoring of my code merely to support an experiment with Tor?"
5) "new features in upcoming browsers are going to be locked to HTTPS access - some already are, eg: webcam access - how can i futureproof?"
And because Ballot-144 was thought about by a bunch of sensible people:
6) "Onion SSL Certificates are EV-only. But I need a wildcard certificate! Oh, wait, Onion-EV certificates are wildcard-enabled? Cool!"
-a