[tor-talk] Motivations for certificate issues for onion services

Dave Warren davew at hireahit.com
Thu Aug 10 00:51:14 UTC 2017


On 2017-08-09 16:53, Seth David Schoen wrote:

> Notably, it doesn't apply to certificate authorities that only issue DV certificates, because nobody at the time found a consensus about how to validate control over these domain names.

I don't completely understand this, since outside the Tor world it's 
possible to acquire DV certificates using verification performed on 
unencrypted (HTTP) channels.

Wouldn't the same be possible for a .onion, simply requiring that the 
verification service act as a Tor client? This would be at least as 
good, given that Tor adds a bit of encryption.



More information about the tor-talk mailing list