[tor-talk] Neal Krawetz's abscission proposal, and Tor's reputation

Seth David Schoen schoen at eff.org
Thu Aug 31 16:53:44 UTC 2017


Paul Syverson writes:

> As the cryptographic design changes for next generation onion services
> are now being rolled out, that
> in-my-opinion-never-actually-well-grounded concern will go away. I
> cover, at a high level, a design for onion altnames in "The Once and
> Future Onion" [1] that I think is consistent with the current CA/B
> Forum issues about onion addresses. It doesn't cover all desired
> cases, so I hope you are successful. But I think it covers a lot of
> the ground.
> 
> [1] https://www.nrl.navy.mil/itd/chacs/syverson-once-and-future-onion

Thanks, I guess that's Section 5 there.

Do you think there should perhaps be a new OID with semantics like "for
each identifier that is a subject of this certificate and that contains
'onion' as one DNS label, we performed both clearnet and onion site DV"
and so "you can feel free to access the .onion version of this site
while also believing that it's run by the same organization as the TLD"?
Presumably such an OID could be added by a CA without a new CA/B Forum
ballot because it's just asserting an additional check and not reducing
the CA's verification obligations.

-- 
Seth Schoen  <schoen at eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107

