[tor-dev] xxx-draft-spec-for-TLS-normalization.txt

Chris Palmer chris at eff.org
Mon Feb 21 22:08:47 UTC 2011

On Feb 21, 2011, at 12:54 PM, Adam Langley wrote:

> I agree that forcing collateral damage is the key here. The current
> code generates `random' certificates, but it's pretty easy to pattern
> match them and there's no collateral damage to doing so.

The thing that seems most correct to me, and most true, and is also likely to look like a lot of self-signed HTTPS hosts, is to just create a cert that looks like what a "good" self-signed cert would look like: a subject name that matches the host's internet-facing identity (IP and/or hostname), with reasonably common cryptographic parameters, and real-ish information in the fields like OU and so on (perhaps automatically culled from hostnames or Tor relay names or something).

As the Observatory shows, self-signed certificates outnumber CA-signed certificates. Fitting in with the self-signed world, of which those CPE things like printers and routers are just a subset, seems reasonable.

I don't know if it's possible to do better than to "just sort of look like a web server with a self-signed cert".

Chris Palmer
Technology Director, Electronic Frontier Foundation
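
An added sketch of the suggestion above (not part of the original message and not Tor's code): generate a self-signed certificate whose subject and subjectAltName match the host's internet-facing name and IP, with common parameters. The function name `make_selfsigned`, the rule for deriving O and OU from the hostname, the RSA-2048/SHA-256/365-day choices, and the sample host and address are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example. make_selfsigned HOST IP OUTDIR writes key.pem and cert.pem.
make_selfsigned() {
  ms_host=$1; ms_ip=$2; ms_out=$3

  # Assumption: cull "real-ish" O/OU values from the hostname itself,
  # e.g. www.example.net -> O=example, OU=www, rather than random strings.
  ms_domain=${ms_host#*.}
  ms_org=${ms_domain%%.*}
  ms_ou=${ms_host%%.*}

  # A throwaway config keeps this working on OpenSSL builds without -addext.
  ms_cfg=$(mktemp) || return 1
  cat >"$ms_cfg" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
O = $ms_org
OU = $ms_ou
CN = $ms_host
[ext]
subjectAltName = DNS:$ms_host, IP:$ms_ip
EOF

  # Assumed "reasonably common" parameters: RSA-2048, SHA-256, one year.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$ms_cfg" \
    -keyout "$ms_out/key.pem" -out "$ms_out/cert.pem" 2>/dev/null
  ms_rc=$?
  rm -f "$ms_cfg"
  return $ms_rc
}

# Constructed sample values: a documentation hostname and a TEST-NET-1 address.
demo_dir=$(mktemp -d)
make_selfsigned www.example.net 192.0.2.10 "$demo_dir" &&
  openssl x509 -in "$demo_dir/cert.pem" -noout -subject -issuer -nameopt RFC2253
```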
