[tor-relays] tor hidden services & SSL EV certificate

Billy Humphreys pokeacer549 at outlook.com
Tue Dec 29 22:24:35 UTC 2015


There should be a way to auth via letsencrypt.org, anonymously.

To: tor-relays at lists.torproject.org
From: kernelcorn at riseup.net
Date: Tue, 29 Dec 2015 12:27:06 -0900
Subject: Re: [tor-relays] tor hidden services & SSL EV certificate

On 12/29/2015 11:18 AM, Aeris wrote:
>> A few hidden services have added an
>> HTTPS cert but I think that's mostly for a publicity stunt than anything
>> else.
> 
> As indicated in the roger’s lecture, HTTPS is usefull for HS :
> 	- browsers handle more securely cookies or other stuff in HTTPS mode, 
> avoiding some possible leaks
> 	- because anybody can create an HS and proxify any content, X.509 certs 
> allow users to verify the authenticity of the HS (you are on the official 
> Facebook HS if you have a cert with facebook.com *AND* facebookcorewwwi.onion 
> inside)
> 
 
I've downloaded the .webm of Roger's lecture but haven't had the time
today to listen to it. My point was that HSs already have an
authentication mechanism and it's assumed that you can verify the
address through some trusted out-of-band method, so in that case you
don't need an SSL cert. This can sometimes be superior to trusting the
centralized CA model, but I agree that the points you've listed are
useful applications as well.
 
-- 
Jesse V
 

_______________________________________________
tor-relays mailing list
tor-relays at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20151229/76123daa/attachment-0001.html>


More information about the tor-relays mailing list