[tor-dev] Of CA-signed certs and .onion URIs

grarpamp grarpamp at gmail.com
Wed Nov 19 20:09:11 UTC 2014

On Wed, Nov 19, 2014 at 1:05 AM, Tom Ritter <tom at ritter.vg> wrote:
> At that point, they can tell me whatever they want

Some of them will ;)

> So I'm not sure I understand the attacks you're talking about.

> this .onion SSL bypass stuff into little-t tor, I'm talking about
> making it a Tor Browser Extension - if that crossed our wires.

Cert infrastructures can make linkphisher proxies harder and
gives options to users and operators as well as an actual layer
of traditional browser to webserver crypto. Disabling warnings
there for all of .onion doesn't. And certainly disabling them for
pinned certs and CA's wouldn't.

As before, extending TBB to skip warnings for HS pubkey signed
certs of respective single onions seems fine.

> It's
> true that if, on the relay hosting the HS, you forwarded it to another
> machine and that connection was attacked (between your webserver and
> your HS relay) - the connection would be insecure.

Your webserver can/should enforce TLS for that connection regardless
if it's on localhost or the other side of the planet via clearnet or
some other transport.

More information about the tor-dev mailing list