[tor-talk] Giving Hidden Services some love

Katya Titov kattitov at yandex.com
Fri Jan 2 08:40:44 UTC 2015


Thomas White:
> The whole CA system is a broken model in many ways yes, but that
> doesn't mean we should totally disregard it. We can work with the CA's
> to build up a standing as long as we don't forget that CA's are no
> requirement to legitimacy. If a standard is set by the CA community
> this paves the way to other pushes and can be seen as a credential
> that this isn't some fad or "criminal" tool, but is a genuine and
> useful tool in this day and age.

This is an excellent point. Add to that the fact that we've been
telling people to check for the padlock for the better part of 20
years and we're finally seeing it roll out almost across the board. I
would think it's a little too early to move on to something else.

That being said, another option is to ditch the CAs and and use a TOFU
(trust on first use) and certificate transparency approach for .onion
domains within TBB. That gives us self-signed certificates and
reasonable security without warnings being presented to the user. The
Certificate Patrol and Perspectives plugins (and others) may be able to
be re-purposed.

Another thought: is it possible to tie the certificate's private key to
the private key of the hidden service and have TBB (or Tor) verify that?
-- 
kat


More information about the tor-talk mailing list