[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Of CA-signed certs and .onion URIs

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Of CA-signed certs and .onion URIs
From: Griffin Boyce <griffin@xxxxxxxxxxxxx>
Date: Fri, 14 Nov 2014 21:50:17 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 14 Nov 2014 21:50:34 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cryptolab.net; s=stigmate; t=1416019821; bh=/K6yz+Qx7ek9NN8owp18jN410e1FW5DLuDuW/GcLtW4=; h=In-Reply-To:References:Subject:From:Date:To; b=uOOXQBlGmTx2BV9+V+vONlKqBH6XIguwh3O+KKRKzUgBau/Mj5+8UdnNbkaQqw8i0 6nz4pbMCfShpdScftzj6MNDuGhV2UInAi4SnNSkr8lS8j52cBVfeGY3Y9IjsSBlLUF Cz60qoVuzIIP6DrKVHbGV5p/jopLgukMQ7nOmOWI=
In-reply-to: <CAFggDF3DNnnfBVMvWmDyLJ-z+cUdJ=5WFva0BxpMxAR8iHHBqA@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CA+cU71mOXg5kBMTPiNgS_7JZSnQmKbNCYtNH51mMunZY81JXAg@xxxxxxxxxxxxxx> <CAD8GWstArAG=oG_MROh2tnb7zYLMwA+bOVyWNRL1A_=FLZUO6w@xxxxxxxxxxxxxx> <a0f1d297cf5693a6147cec76ab6cf5e3@xxxxxxxxxxxxx> <CAFggDF3DNnnfBVMvWmDyLJ-z+cUdJ=5WFva0BxpMxAR8iHHBqA@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: K-9 Mail for Android

Fair. What are your thoughts about possible trade-offs with anonymity when using a CA-signed cert?

On November 14, 2014 9:38:02 PM EST, Jacob Appelbaum <jacob@xxxxxxxxxxxxx> wrote:

On 11/15/14, Griffin Boyce <griffin@xxxxxxxxxxxxx> wrote:
 Lee wrote:
 c) Get .onion IANA reserved

 It doesn't look like that's going to happen.

    Yeah. Though the biggest use-case for cert+onion is when trying to
 match a clearnet service to a hidden service -- such as Facebook or
 Erowid.


That is false. Using TLS has many use-cases - one that is critically
important is stronger defense in depth.

All the best,
Jacob

tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Of CA-signed certs and .onion URIs
  - From: Jacob Appelbaum

References:
- [tor-dev] Of CA-signed certs and .onion URIs
  - From: Tom Ritter
- Re: [tor-dev] Of CA-signed certs and .onion URIs
  - From: Lee
- Re: [tor-dev] Of CA-signed certs and .onion URIs
  - From: Griffin Boyce
- Re: [tor-dev] Of CA-signed certs and .onion URIs
  - From: Jacob Appelbaum

Prev by Author: Re: [tor-dev] Of CA-signed certs and .onion URIs
Next by Author: [tor-dev] Stormy - request for feedback
Previous by thread: Re: [tor-dev] Of CA-signed certs and .onion URIs
Next by thread: Re: [tor-dev] Of CA-signed certs and .onion URIs
Index(es):
- Author
- Thread