[tor-project] Which domains have onion addresses with EV Certs
Mike Tigas
mike at tig.as
Sat May 7 19:47:49 UTC 2016
Per Paul's question about EV onion certs specifically: the public
Certificate Transparency logs are pretty great. They allow some audit
trail on cert issuance, revocations, reissues, etc. -- and the data
includes the "browser-friendly" .onion EV certs that DigiCert is issuing.
https://www.certificate-transparency.org/
Comodo has a pretty decent search interface for CT logs that aggregates
the various log servers, so you can search for things like "%.onion":
https://crt.sh/?q=%25.onion
Looks like that search result list also includes subjectAltNames and
things like that for multi-domain certs, which is pretty nice.
But this'll only be for the few CA-issued EV certs that exist, not the
common cases of self-signed certs or onion sites serving TLS with their
clearnet domain cert. (Those two cases seem to be the bulk of the older
wiki lists and what Juha reported.)
Best,
--
Mike Tigas
News Applications Developer, ProPublica
https://www.propublica.org/
@mtigas | https://mike.tig.as/ | 0xA993E7156E0E9923
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20160507/4604f6cf/attachment.sig>
More information about the tor-project
mailing list