[tor-dev] Of CA-signed certs and .onion URIs

Thu Nov 20 03:28:06 UTC 2014

On Tue, Nov 18, 2014 at 10:53:30PM -0500, grarpamp wrote:
> On Tue, Nov 18, 2014 at 12:55 PM, George Kadianakis
> <desnacked at riseup.net> wrote:
> > plans for any Tor modifications we want to do (for example, trusting
> > self-signed certs signed by the HS identity key seem like a generally
> > good idea).
> 
> If the HS pubkey and the onion CN were both in the cert, and signed
> over by that same key all corresponding to the url the TBB is currently
> attempting to validate, that would seem fine to me. No interaction with
> the controller (which may not even be accessible [1]) needed to get the
> HS descriptor (pubkey). Security is limited to 80-bits, or the future wider
> proposal. It's also a TBB specific extension. All other browsers pointed
> at socks5 somewhere will still rightly fail, unless adopted upstream
> (which MSIE won't do) or via standards. Note that this is not 'turning off
> the warnings for all .onion', it's recognizing that attestation of the HS key
> is sufficient to show ownership of that service. Whereas under various
> attacks a traditional selfsigned cert is not.

Ah, great. Adding the pubkey to the cert is a nice idea, as well.

> 
> > M. Finkel:
> > habit, where we're conditioning the younger generation to click-through,
> 
> It's suggested the right training is to teach the contexts in which they
> should care... banking, email, accounts, etc... and then to in fact just
> click through (everyday browsing) unless they're under a context where
> they actually care. Even though you have the helmet, you train and care
> wear a helmet for racing, not walking. The mandantory warnings are there
> for people who care about their context, not those who don't.
> My beef is that it requires more than one click in FF to get through.

Understood and I agree (though I'm not sure that analogy is great but
oh well ;) ). With regard to the warning, I think I'm most opposed to
it because it's so unuseful to most people. We're already using TOFU for
this, so if there was a single button that makes it simple for the
common-case, then I'd be happy with that.

This still raises the unfortunate question of whether anyone knows what
to do if they get the invalid cert warning from their bank's website,
but that's for another thread.

To be clear, I think it's critically important that the user is told
when security assumptions are broken, but I'm opposed to keeping the
current error page if we have the ability to make it better. I hope
this was understood in my email, but maybe I failed at that. I don't
want to get rid of the error message, but I want Tor to be able to
provide a way for operators to use TLS certs where these certs provide
the necessary assurances and don't cause the error condition. Where, as
a result, a user will only see the cert error if the operator intended
them to see it or if the connection was MITM. I think we all agree on
this.

Yes, I did say "Eliminating self-signed certificate errors when
connecting to hidden service sites will be a significant usability
improvement.". I guess that was poorly worded and I didn't take into
account operators/administrators who want their users to see the error
and add a special exception for their cert, sorry. I simply want a way
for a HS operator to be able to create a self-signed cert for their
website and not force every visitor to their site to add an exception
for that cert.