[tor-onions] SSL certificates for hidden services/.onion domains
shadow
shadow at systemli.org
Thu Feb 25 15:33:03 UTC 2016
Can anyone explain the advantages of .onion certs?
As far as I understand the onion service architecture, the traffic
between the onion service and the client is end-to-end encrypted?
I thought it was a political goal to get recognized (thanks for doing
that) and a user interface/experience goal to get this shiny green bar,
when connecting to an .onion service.
cheers shadow
On 22.02.2016 17:12, Ron Risley wrote:
>
>> On Feb 22, 2016, at 06:18, Alec Muffett <alecm at fb.com> wrote:
>>
>> Apologies for contradicting you, but there is nothing "tenuous" about Onion certificates.
>
> I don't mind being contradicted. I was responding to articles like this one, which said "these .onion certificates are considered internal name certificates. The CA/Browser Forum has deprecated the use of public SSL Certificates for internal names and they will no longer be allowed after November 1, 2015."
>
> https://blog.digicert.com/the-current-state-of-onion-certificates-and-what-happens-next/
>
> I realize that situation has changed in the past year, with the IETF's official recognition of the .onion space.
>
> Thanks for the references. They'll help me get up to speed on the current state of things.
>
> Though I agree about the risk of ghettoization of the .onion space, I also see an opportunity here to avoid some of the pitfalls of the current SSL certificate trust model, specifically with regards to rogue authorities and stolen/forged signing keys.
>
> Again, thanks...
>
> --Ron
--
best regards | viele Gruesse, shadow at systemli.org
receive my key:
gpg --keyserver zimmermann.mayfirst.org --recv-keys 0x5C6B6ED4248C1F32