[tor-talk] Motivations for certificate issues for onion services
Alec Muffett
alec.muffett at gmail.com
Wed Aug 9 23:07:53 UTC 2017
> (2) What reasons do people have for wanting certificates that cover
> onion names? I think I know of at least three or four reasons, but I'm
> interested in creating a list that's as thorough as possible.
Six to start with:
- not having to rewrite CMS code which assumes HTTPS, e.g. for secure
cookies; the Onion acts as a straight deployment on a new domain name
- corollary: not having to lobby browser manufacturers to pollute their
code to understand that http under this magical "onion" TLD is somehow
almost but not entirely treatable like https.
- access to secure-locked protocols like WebRTC
- protection of traffic for the link between Tor daemon (basically a
reverse-proxy) and the site load-balancer fanout in enterprise deployment
- user expectation for padlocks, consistency rather than special-snowflake
creeping featurism
- EV: attestation.
-alec