On 29/12/2015 20:55, Mirimir wrote:
On 12/29/2015 01:16 PM, bernard wrote:
<snip>
The objective of it (from a user's point of view) would be tying the identity of the *clear web* site and the *.onion site* together to give the user some trust that bigclearwebwebsite.onion is in fact the same as the .com site.
(Replace bigclearwebwebsite. with DuckDuckGo, Facebook, etc)
True. But I don't see that it helps much for onion sites that aren't tied to well-known clearweb sites.
Fair point. Maybe for users of a .onion site that *itself* needs anonymity, an SSL cert is not helpful to it.
But another way of asking: how do I as a user trust that .onion site?
I've been playing with GnuPG-signed pages, with the public key available from multiple independent sources. But of course, it's a bit much to expect users to verify signatures.
Well, given difficulties users have with verification of GPG key strings, that would be difficult.
Bernard