[tor-talk] Giving Hidden Services some love
Matthew Puckey
matt at puckey.org
Mon Jan 5 19:50:01 UTC 2015
On Sun, 04 Jan 2015 13:31:17 -0800
"Jesse B. Crawford" <jesse at jbcrawford.us> wrote:
> On 2015-01-04 02:37, Peter Tonoli wrote:
> > EV certificates don't fix any problem. The validation of a 'legal
> > entity' is purely due to an agreed policy. A rogue, compromised, or
> > alternate CA could release certificates with EV fields that don't
> > 'rigorously' validate the organisation that applies for the
> > certificate.
>
> I am assuming here that users trust CAs - I think a fair assumption
> for practical purposes since this is the foundation of the current
> open-internet system.
I'm not sure that is a fair assumption; Comodo, for example. Purely
because today a lot of secure communication relies on CAs, I don't
think that is a reason to continue along the same path and not look into
alternatives.
> Fixing the problem in a general way is a much
> more ambitious goal than just extending this assurance to Tor.
I 100% agree the CA issue is a much bigger one than this conversation,
but the situations *are* different.
Saying that, I do understand the "architectural
considerations" (-Facebook) that some large companies might have.
--
Matthew Puckey