[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] Re: Using hidden service key with TLS client authentication

Hi techmetx11,

(Attempted resend since send from my Navy mail appearently failed to
reach tor-dev.  Apologies if you got this twice. -PFS)

I don't know if this fits what you need. But we have used the onion
address as subdomain to put it into TLS certificates in the case where
there is an associated domain name. E.g. Mullvad has a TLS certificate
with the following SANs

o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiadonion.mullvad.net
o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiadonion.www.mullvad.net/

We've used this in a couple of ways, for self-authenticating
traditional addresses and for sauteed onions.

See e.g. https://arxiv.org/abs/2110.03168 and
https://www.sauteed-onions.org/ Happy to talk more if asked about
recent work on associating onion addresses with atproto handles as
alternative/additional meaningful address.

In case it helps for your use case, note that you don't need to keep
the service accessible at the registered domain address. It only has
to be available during issuance (depending on the means of
verification used).

You can also just get a certificate for an onion address. Issuance via
ACME is still not available last I checked despite the efforts of Q
Misell and others. Last I checked (some time ago) you can get a DV
cert issued manually from HARICA or an EV cert from DigiCert.

The syverSAN technique OTOH works fine with Let's Encrypt issuance.
Hope that helps.

Si sanus es, sanus sum,
Paul

> 
> On 6/8/26, 4:32 AM, "techmetx11 via tor-dev" wrote:
> 
> 
> Hi tor-dev mailing list,
> 
> 
> Is there a way to capsulate a Tor hidden service Ed25519 private key
> inside a TLS EE certificate and use it in TLS?
> 
> 
> I wanted to use this specifically for XMPP's server-to-server TLS
> connections, which uses mTLS to prove if the client connecting is who
> they say they are. Currently with XMPP Tor server-to-server connections,
> we have to use dialback (telling the server to connect back to the
> client to authenticate its identity,
> https://xmpp.org/extensions/xep-0220.html <https://xmpp.org/extensions/xep-0220.html>) to prove it, which is a
> legacy and insecure form of server-to-server authentication
> 
> 
> If this is possible, then it would get rid of a reason to keep dialback
> around and less roundtrip for the server authentication.
> 
> 
> Kind regards,
> 
> 
> techmetx11
> 
> 
> _______________________________________________
> tor-dev mailing list -- tor-dev@xxxxxxxxxxxxxxxxxxxx <mailto:tor-dev@xxxxxxxxxxxxxxxxxxxx>
> To unsubscribe send an email to tor-dev-leave@xxxxxxxxxxxxxxxxxxxx <mailto:tor-dev-leave@xxxxxxxxxxxxxxxxxxxx>
> 
> 
> 
_______________________________________________
tor-dev mailing list -- tor-dev@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-dev-leave@xxxxxxxxxxxxxxxxxxxx