On Oct 13, 2018, at 09:55, Adam Jensen hanzer@riseup.net wrote:
This might be a goofy question but why would SSL ever be used with a Tor Hidden Service?
If your site exists as both a hidden service and on the clear web, then it can be problematic to maintain both TLS and unencrypted access.
One problem with hidden services is the potential for copycat sites. Particularly if you have created a vanity .onion address, others can create similar-looking addresses and post them to try to lead people to their site instead of yours. Some folks believe that an EV TLS certificate can mitigate this risk. Facebook, for example, uses an EV certificate for their .onion site. Others question the value of EV certs for most any use cases:
https://scotthelme.co.uk/are-ev-certificates-worth-the-paper-theyre-written-...
AFAIK, the only folks that issues TLS certificates for .onion addresses is Digicert. They're EV only.
--2p