On 29 Dec 2015, at 21:18, Aeris aeris+tor@imirhil.fr wrote:
A few hidden services have added an HTTPS cert but I think that's more of a publicity stunt than anything else.
As indicated in Roger’s lecture, HTTPS is useful for HS:
- browsers handle cookies or other stuff more securely in HTTPS mode,
avoiding some possible leaks
- because anybody can create an HS and proxify any content, X.509 certs
allow users to verify the authenticity of the HS (you are on the official Facebook HS if you have a cert with facebook.com *AND* facebookcorewwwi.onion inside)
Yes, I forgot to say it was for a known URL already (https://friendpaste.com) on which I would like to add .onion access so people don't have to go out of the Tor network somehow. Having a cert working on that address would help to validate the access.
I will check with DigiCert if this is possible since they are already providing me a cert for this address.
- benoit