[tbb-bugs] #21767 [Applications/Tor Browser]: Tor CA - .onion SSL system
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Mar 17 11:16:57 UTC 2017
#21767: Tor CA - .onion SSL system
------------------------------------------+----------------------
     Reporter:  ikurua22                  |      Owner:  tbb-team
         Type:  project                   |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
While a Tor hidden service is secure by default, many websites are shifting
to HTTPS. Some .onion websites provide HTTPS access with a self-signed
certificate. A .onion website can be viewed only from the Tor network,
especially from "Tor Browser" by the Tor Project, and "Orfox" by the
Guardian Project.

Thus, I suggest this project: ".onion Certificate Authority" (TorOCA).
It's like "LetsEncrypt" - "clearnet" + ".onion".

TorOCA gives a certificate pair (you know, pem and key) to the .onion
holder.

1) "Tor Browser" has the TorOCA root certificate as an acceptable authority.
2) The user visits an https .onion website.
3) The server sends a TLS certificate, which is signed by TorOCA.
4) The user can visit the website without a warning.

Consider:
1) Pricing. Free is good, but how about ".onion cert/$10/one-time"? This
will help Tor Project income.
2) Sub-domain. Some .onion websites use a subdomain instead of their main
domain.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21767>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online