Which domains have onion addresses with EV Certs

Does anyone have a list of domains with EV Certs for onion addresses or know where to easily obtain such? Juha, I didn't see any obvious indicator of this at ahmia, but maybe you keep track of this somehow?

Alternatively, if people have specific names of companies or domains (beyond Facebook) that have Certs for both their registered domain names and their onion addresses I'd appreciate hearing about them. Thanks.

aloha, Paul

On Fri, 06 May 2016, Paul Syverson wrote:
> Does anyone have a list of domains with EV Certs for onion addresses or know where to easily obtain such?

http://api.ctwatch.net/domain/onion might provide a good approximation.

Cheers,
-- Peter Palfrader | https://www.palfrader.org/

I believe The Intercept has an EV Cert for its SecureDrop instance.

On Fri, May 6, 2016 at 5:11 PM, Peter Palfrader <weasel@torproject.org> wrote:
> On Fri, 06 May 2016, Paul Syverson wrote:
>> Does anyone have a list of domains with EV Certs for onion addresses or know where to easily obtain such?
>
> http://api.ctwatch.net/domain/onion might provide a good approximation.
>
> Cheers,
> -- Peter Palfrader | https://www.palfrader.org/

-- Runa A. Sandvik

On Fri, May 06, 2016 at 05:11:25PM +0000, Peter Palfrader wrote:
> On Fri, 06 May 2016, Paul Syverson wrote:
>> Does anyone have a list of domains with EV Certs for onion addresses or know where to easily obtain such?
>
> http://api.ctwatch.net/domain/onion might provide a good approximation.

Thanks weasel. That's a big help.

I guess I should have also asked, and ask now if people know of say Alexa 500 companies with onion addresses (not necessarily with CA certs). I know the 32c3 slides alluded to knowing of several. It would be nice to have any and all examples people know of.

aloha, Paul

Paul Syverson <paul.syverson@nrl.navy.mil> writes:
> On Fri, May 06, 2016 at 05:11:25PM +0000, Peter Palfrader wrote:
>> On Fri, 06 May 2016, Paul Syverson wrote:
>>> Does anyone have a list of domains with EV Certs for onion addresses or know where to easily obtain such?
>>
>> http://api.ctwatch.net/domain/onion might provide a good approximation.
>
> Thanks weasel. That's a big help.
>
> I guess I should have also asked, and ask now if people know of say Alexa 500 companies with onion addresses (not necessarily with CA certs). I know the 32c3 slides alluded to knowing of several. It would be nice to have any and all examples people know of.
>
> aloha, Paul

Hello Paul,

a few months ago we made a wiki page listing big websites with onion addresses. We used https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor but it seems like a cypherpunks account has since reverted most of our changes :(

While writing the wiki page we discovered that tons of websites have onion counterparts, and it was not clear which ones (if not all) should be mentioned on the wiki page. For example, the (now defunct) darkweb-everywhere extension has hundreds of onion rules for websites: https://github.com/chris-barry/darkweb-everywhere/tree/master/rules

Right now, the WeSupportTor wiki page is basically a list of "cool websites with onions" which is not particularly useful (it's basically someone's hidden wiki). As you suggest, it could be interesting to publish the list of "Alexa 500 websites with onion addresses" which is a more objective measure.

I wonder what other objective/official lists we could use to measure onion adoption?

On Sat, 07 May 2016 02:31:46 +0300 George Kadianakis <desnacked@riseup.net> wrote:
> a few months ago we made a wiki page listing big websites with onion addresses. We used https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor but it seems like a cypherpunks account has since reverted most of our changes :(

The content on the pages doesn't look that different at a first glance, compared to your last revision... https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor?acti...

> Right now, the WeSupportTor wiki page is basically a list of "cool websites with onions" which is not particularly useful (it's basically someone's hidden wiki).

Though even going back to the last non-cypherpunks revision as of 4 months ago, this statement holds, and only blockchain.info, facebook and the intercept are listed as having SSL certs.

Regards,
-- Yawning Angel

Per Paul's question about EV onion certs specifically: the public Certificate Transparency logs are pretty great. They allow some audit trail on cert issuance, revocations, reissues, etc. -- and the data includes the "browser-friendly" .onion EV certs that DigiCert is issuing. https://www.certificate-transparency.org/

Comodo has a pretty decent search interface for CT logs that aggregates the various log servers, so you can search for things like "%.onion": https://crt.sh/?q=%25.onion

Looks like that search result list also includes subjectAltNames and things like that for multi-domain certs, which is pretty nice.

But this'll only be for the few CA-issued EV certs that exist, not the common cases of self-signed certs or onion sites serving TLS with their clearnet domain cert. (Those two cases seem to be the bulk of the older wiki lists and what Juha reported.)

Best,
-- Mike Tigas
News Applications Developer, ProPublica
https://www.propublica.org/
@mtigas | https://mike.tig.as/ | 0xA993E7156E0E9923
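
The three cases distinguished in the message above (a CA-issued cert that names the .onion, a self-signed cert, and a clearnet-domain cert served on the onion) can be told apart from a certificate's issuer, subject and SANs. This is an added example, not part of the original thread; it assumes certificate dicts in the shape Python's `ssl` `getpeercert()` returns, and every host name and certificate in it is constructed.

```python
# Added example, not code from the thread. All sample certificates are constructed.

def _name(rdns):
    """Flatten a getpeercert()-style name (tuple of RDN tuples) into a dict."""
    return {key: value for rdn in rdns for (key, value) in rdn}

def san_matches(pattern, host):
    """Exact match, or one left-most wildcard label ("*.example.onion")."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def classify(cert, onion_host):
    """Return which of the thread's three cases this certificate falls into."""
    sans = [v for (kind, v) in cert.get("subjectAltName", ()) if kind == "DNS"]
    # Heuristic: issuer == subject means self-issued; a full check would also
    # verify the signature against the certificate's own key.
    if _name(cert["issuer"]) == _name(cert["subject"]):
        return "self-signed"
    if any(san_matches(s, onion_host) for s in sans):
        return "ca-issued-onion-san"   # only case a CT search for %.onion can return
    return "clearnet-cert-only"        # CA-issued, but no SAN covers the .onion name

ONION = "exampleonionaddr.onion"  # constructed placeholder, not a real service
CA = ((("organizationName", "Example CA (constructed)"),),)

SAMPLES = {
    "news-site": {
        "subject": ((("organizationName", "Example News Org"),),),
        "issuer": CA,
        "subjectAltName": (("DNS", "example.org"), ("DNS", "*." + ONION), ("DNS", ONION)),
    },
    "hobby-site": {
        "subject": ((("commonName", ONION),),),
        "issuer": ((("commonName", ONION),),),
        "subjectAltName": (("DNS", ONION),),
    },
    "mirror-site": {
        "subject": ((("commonName", "www.example.org"),),),
        "issuer": CA,
        "subjectAltName": (("DNS", "example.org"), ("DNS", "www.example.org")),
    },
}

def survey(samples, host):
    """Classify every sampled site's certificate against the given onion host."""
    return {site: classify(cert, host) for site, cert in samples.items()}

if __name__ == "__main__":
    for site, label in survey(SAMPLES, ONION).items():
        print(f"{site:12} {label}")
```

Whether a given `ca-issued-onion-san` certificate was actually submitted to a CT log is a separate question from whether it could match the search.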

Hi,

This may help you. 84 onion domains which are using HTTPS.

Best, Juha

On Fri, May 6, 2016 at 6:06 PM, Paul Syverson <paul.syverson@nrl.navy.mil> wrote:
> Does anyone have a list of domains with EV Certs for onion addresses or know where to easily obtain such? Juha, I didn't see any obvious indicator of this at ahmia, but maybe you keep track of this somehow?
>
> Alternatively, if people have specific names of companies or domains (beyond Facebook) that have Certs for both their registered domain names and their onion addresses I'd appreciate hearing about them. Thanks.
>
> aloha, Paul

For instance, https://www.propub3r6espa33w.onion/

-Juha

On Fri, May 6, 2016 at 8:57 PM, Nurmi, Juha <juha.nurmi@ahmia.fi> wrote:
> Hi,
>
> This may help you. 84 onion domains which are using HTTPS.
> Best, Juha
>
> On Fri, May 6, 2016 at 6:06 PM, Paul Syverson <paul.syverson@nrl.navy.mil> wrote:
>> Does anyone have a list of domains with EV Certs for onion addresses or know where to easily obtain such? Juha, I didn't see any obvious indicator of this at ahmia, but maybe you keep track of this somehow?
>>
>> Alternatively, if people have specific names of companies or domains (beyond Facebook) that have Certs for both their registered domain names and their onion addresses I'd appreciate hearing about them. Thanks.
>>
>> aloha, Paul

Thanks Juha. This is useful.

I wonder why http://api.ctwatch.net/domain/onion seems to miss so many of these.

aloha, Paul

On Fri, May 06, 2016 at 09:01:10PM +0300, Nurmi, Juha wrote:
> For instance, https://www.propub3r6espa33w.onion/
>
> -Juha
>
> On Fri, May 6, 2016 at 8:57 PM, Nurmi, Juha <juha.nurmi@ahmia.fi> wrote:
>> Hi,
>>
>> This may help you. 84 onion domains which are using HTTPS.
>> Best, Juha
>>
>> On Fri, May 6, 2016 at 6:06 PM, Paul Syverson <paul.syverson@nrl.navy.mil> wrote:
>>> Does anyone have a list of domains with EV Certs for onion addresses or know where to easily obtain such? Juha, I didn't see any obvious indicator of this at ahmia, but maybe you keep track of this somehow?
>>>
>>> Alternatively, if people have specific names of companies or domains (beyond Facebook) that have Certs for both their registered domain names and their onion addresses I'd appreciate hearing about them. Thanks.
>>>
>>> aloha, Paul

On Mon, 09 May 2016, Paul Syverson wrote:
> Thanks Juha. This is useful.
>
> I wonder why http://api.ctwatch.net/domain/onion seems to miss so many of these.

I looked at a small subset of this long list, but I didn't find any services that actually had a valid cert with the .onion as a SAN.

-- Peter Palfrader | https://www.palfrader.org/

On Tue, May 10, 2016 at 06:18:14AM +0000, Peter Palfrader wrote:
> On Mon, 09 May 2016, Paul Syverson wrote:
>> Thanks Juha. This is useful.
>>
>> I wonder why http://api.ctwatch.net/domain/onion seems to miss so many of these.
>
> I looked at a small subset of this long list, but I didn't find any services that actually had a valid cert with the .onion as a SAN.

Yes. Juha sent a list of all the onionsites using https that he knew about. Many of those are self-signed. But several _do_ have a .onion SAN in an EV cert and aren't listed. For example, the ProPublica site he mentioned and the Intercept SecureDrop site that Runa mentioned. I found others, so something is still surprising here. I wonder if this is worth reporting to the CT folk, and if so how.

aloha, Paul

Participants (7): George Kadianakis, Mike Tigas, Nurmi, Juha, Paul Syverson, Peter Palfrader, Runa A. Sandvik, Yawning Angel