[tor-talk] Letsencrypt and Tor Hidden Services
Seth David Schoen
schoen at eff.org
Wed Aug 19 17:34:52 UTC 2015
Fabio Pietrosanti (naif) - lists writes:
> does anyone had looked into the upcoming Letsencrypt if it would also
> works fine with Tor Hidden Services and/or if there's some
> complexity/issues to be managed?
> As it would/could be interesting if Tor itself would support directly
> letsencrypt to load TLS certificate on TorHS.
Hi, I'm working on the Let's Encrypt project. A difficulty to contend
with is that the certificate industry doesn't want certs to be issued
for domain names in the long term unless the names are official in
some way -- to ensure that they have an unambiguous meaning worldwide.
The theoretical risk is that someone might use a name like .onion in
another way, for example by trying to register it as a DNS TLD through
ICANN. In that case, users might be confused because they meant to use
a name in one context but it had a different meaning that they didn't
know about in a different context.
Right now, the industry allows .onion certs temporarily, but only EV
certs, not DV certs (the kind that Let's Encrypt is going to issue),
and the approval to issue them under the current compromise is going
It's seemed like the efforts at IETF to reserve specific "peer-to-peer
names" would be an important step in making it possible for CAs to issue
certs for these names permanently. These efforts appeared to get somewhat
bogged down at the last IETF meeting.
(I'm hoping to write something on the EFF site about this issue, which
may have kind of far-reaching consequences.)
Anyway, I would encourage anyone who wants to work on this issue to get
in touch with Christian Grothoff, the lead author of the P2P Names draft,
and ask what the status is and how to help out.
Theoretically the Tor Browser could come up with a different optional
mechanism for ensuring the integrity of TLS connections to hidden services
(based on the idea that virtually everyone who tries to use the hidden
services is using the Tor Browser code). I don't know whether the Tor
Browser developers currently think this is a worthwhile path. I can
think of arguments against it -- in particular, the next generation hidden
services design will provide much better cryptographic security than the
current HS mechanism does, so maybe it should just be a higher priority
to get that rolled out, rather than trying to make up new mechanisms to
help people use TLS on hidden services.
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
More information about the tor-talk