There should be a way to auth via letsencrypt.org, anonymously.

To: tor-relays@lists.torproject.org
From: kernelcorn@riseup.net
Date: Tue, 29 Dec 2015 12:27:06 -0900
Subject: Re: [tor-relays] tor hidden services & SSL EV certificate

On 12/29/2015 11:18 AM, Aeris wrote:
>> A few hidden services have added an
>> HTTPS cert but I think that's mostly for a publicity stunt than anything
>> else.
>
> As indicated in Roger’s lecture, HTTPS is useful for HS:
> - browsers handle cookies or other stuff more securely in HTTPS mode,
> avoiding some possible leaks
> - because anybody can create an HS and proxify any content, X.509 certs
> allow users to verify the authenticity of the HS (you are on the official
> Facebook HS if you have a cert with facebook.com *AND* facebookcorewwwi.onion
> inside)
>

I've downloaded the .webm of Roger's lecture but haven't had the time
today to listen to it. My point was that HSs already have an
authentication mechanism and it's assumed that you can verify the
address through some trusted out-of-band method, so in that case you
don't need an SSL cert. This can sometimes be superior to trusting the
centralized CA model, but I agree that the points you've listed are
useful applications as well.

--
Jesse V


_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays