[tor-bugs] #18696 [- Select a component]: .onion names contain their own validator, we should use that
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Mar 31 19:54:31 UTC 2016
#18696: .onion names contain their own validator, we should use that
--------------------------------------+-----------------
Reporter: huseby | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: - Select a component | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------+-----------------
Companion bug to https://bgz.la/1250696
I'd like to get feedback on this proposal.
The idea is to allow TBB to accept a self-signed trust root cert if the
hash of the public key matches the .onion address. This will allow
servers running as .onion sites to generate strong/modern TLS certs that
are signed by a self-signed root cert containing the .onion public key.
This should allow us to get around the DV cert problem and allow valid
.onion TLS certs to be validated by the .onion name and have strong/modern
TLS certs.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18696>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
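
The name-to-key check the proposal relies on, as an added example (not code from the ticket, Tor Browser, or Firefox). It assumes the v2 .onion format in use when the ticket was filed, where the 16-character label is the base32 encoding of the first 80 bits of the SHA-1 hash of the service's DER-encoded RSA public key; the function names and the sample key bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac

V2_LABEL_LEN = 16  # 80 bits of hash encode to exactly 16 base32 characters
_B32_ALPHABET = set("abcdefghijklmnopqrstuvwxyz234567")


def onion_label_from_pubkey(rsa_pubkey_der: bytes) -> str:
    """v2 rule: base32 of the first 10 bytes of SHA-1 over the DER-encoded key."""
    digest = hashlib.sha1(rsa_pubkey_der).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()


def onion_label_from_hostname(hostname: str):
    """Return the label left of '.onion', or None if this is not a v2 onion name."""
    host = hostname[:-1] if hostname.endswith(".") else hostname
    labels = host.lower().split(".")
    if len(labels) < 2 or labels[-1] != "onion":
        return None
    label = labels[-2]  # for www.<label>.onion only <label> is bound to the key
    if len(label) != V2_LABEL_LEN or not set(label) <= _B32_ALPHABET:
        return None
    return label


def root_key_matches_onion(hostname: str, root_pubkey_der: bytes) -> bool:
    """True only if the self-signed root's public key hashes to the onion label.

    This covers the name-to-key binding alone; verifying the chain from the
    leaf certificate up to that root remains ordinary certificate validation.
    """
    expected = onion_label_from_hostname(hostname)
    if expected is None:
        return False  # never apply the onion rule to clearnet or malformed names
    return hmac.compare_digest(expected, onion_label_from_pubkey(root_pubkey_der))


# Constructed placeholder bytes standing in for a DER-encoded RSA public key.
SAMPLE_KEY_DER = (bytes.fromhex("3082010a0282010100") + bytes(range(256))
                  + bytes.fromhex("0203010001"))

if __name__ == "__main__":
    name = onion_label_from_pubkey(SAMPLE_KEY_DER) + ".onion"
    print(name, root_key_matches_onion(name, SAMPLE_KEY_DER))
    print(name, root_key_matches_onion(name, SAMPLE_KEY_DER + b"\x00"))
```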