[tor-project] Which domains have onion addresses with EV Certs

Paul Syverson paul.syverson at nrl.navy.mil
Tue May 10 12:09:35 UTC 2016

On Tue, May 10, 2016 at 06:18:14AM +0000, Peter Palfrader wrote:
> On Mon, 09 May 2016, Paul Syverson wrote:
> > Thanks Juha. This is useful.
> > 
> > I wonder why http://api.ctwatch.net/domain/onion
> > seems to miss so many of these.
> I looked at a small subset of this long list, but I didn't find any
> services that actually had a valid cert with the .onion as a SAN.

Yes. Juha sent a list of all the onionsites using https that he knew
about. Many of those are self-signed. But several _do_ have a .onion
SAN in an EV cert and aren't listed. For example, the ProPublica site
he mentioned and the Intercept SecureDrop site that Runa mentioned. I
found others, so something is still surprising here. I wonder if this
is worth reporting to the CT folk, and if so how.


More information about the tor-project mailing list