[tor-dev] Of CA-signed certs and .onion URIs

Tom Ritter tom at ritter.vg
Wed Nov 19 06:05:41 UTC 2014 

On 18 November 2014 21:53, grarpamp <grarpamp at gmail.com> wrote:
> On Tue, Nov 18, 2014 at 12:55 PM, George Kadianakis
> <desnacked at riseup.net> wrote:
>> plans for any Tor modifications we want to do (for example, trusting
>> self-signed certs signed by the HS identity key seem like a generally
>> good idea).
>
> If the HS pubkey and the onion CN were both in the cert, and signed
> over by that same key all corresponding to the url the TBB is currently
> attempting to validate, that would seem fine to me. No interaction with
> the controller (which may not even be accessible [1]) needed to get the
> HS descriptor (pubkey). Security is limited to 80-bits, or the future wider
> proposal. It's also a TBB specific extension. All other browsers pointed
> at socks5 somewhere will still rightly fail, unless adopted upstream
> (which MSIE won't do) or via standards. Note that this is not 'turning off
> the warnings for all .onion', it's recognizing that attestation of the HS key
> is sufficient to show ownership of that service. Whereas under various
> attacks a traditional selfsigned cert is not.

If I've put a .onion url into the address bar in Tor Browser, and it
connects me - absent a bug in tor, 80-bit collision, or 1024-bit
factoring I know I'm talking to an endpoint on the other side that is
authoritative for the public key corresponding to the onion address.
At that point, they can tell me whatever they want, and I know I'm
still talking to the correct endpoint - like you said, the .onion
resolving and succeeding in connecting attested to the service.

So I'm not sure I understand the attacks you're talking about.  It's
true that if, on the relay hosting the HS, you forwarded it to another
machine and that connection was attacked (between your webserver and
your HS relay) - the connection would be insecure.  But I consider
that to be outside Tor. You had a responsibility to make your
application secure and you didn't, same as if you had SQL injection.

You mention "All other browsers pointed at socks5 somewhere will still
rightly fail" - that's still the case.  I'm not talking about putting
this .onion SSL bypass stuff into little-t tor, I'm talking about
making it a Tor Browser Extension - if that crossed our wires.

-tom

More information about the tor-dev mailing list