Can anyone explain the advantages of .onion certs?
As far as I understand the onion service architecture, the traffic between the onion service and the client is end-to-end encrypted?
I thought it was a political goal to get recognized (thanks for doing that) and a user interface/experience goal to get this shiny green bar when connecting to an .onion service.
cheers
shadow
On 22.02.2016 17:12, Ron Risley wrote:
On Feb 22, 2016, at 06:18, Alec Muffett alecm@fb.com wrote:
Apologies for contradicting you, but there is nothing "tenuous" about Onion certificates.
I don't mind being contradicted. I was responding to articles like this one, which said "these .onion certificates are considered internal name certificates. The CA/Browser Forum has deprecated the use of public SSL Certificates for internal names and they will no longer be allowed after November 1, 2015."
https://blog.digicert.com/the-current-state-of-onion-certificates-and-what-h...
I realize that situation has changed in the past year, with the IETF's official recognition of the .onion space.
Thanks for the references. They'll help me get up to speed on the current state of things.
Though I agree about the risk of ghettoization of the .onion space, I also see an opportunity here to avoid some of the pitfalls of the current SSL certificate trust model, specifically with regard to rogue authorities and stolen/forged signing keys.
Again, thanks...
--Ron
_______________________________________________
tor-onions mailing list
tor-onions@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-onions