[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Of CA-signed certs and .onion URIs

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Of CA-signed certs and .onion URIs
From: grarpamp <grarpamp@xxxxxxxxx>
Date: Mon, 17 Nov 2014 17:48:26 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 17 Nov 2014 17:48:40 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=+WlcKpYa0/c6HK+Ut11tOZwXQiLuIAweWbk47ego6aA=; b=XF7Bx15tzyYuTr2epIf6dVnNZACKfwhJMDsO7C0UVqgMu0a97cPhpm1DS+ySoPenA+ zo+eZkDT8oXU6+zH59bhJ2JOUFRlsypP/j+wQGUrZ3wNKyYt20G9q4JGT67RQbiPJcK3 lAvPECM2VeD0sdJUmrY9Qh0Mc7MrDc+khGbOdV/uP75/7OIi8u9RaEhzVekLmoMBn8Or eIi9VESNNf9VxrF+Tl/WGYWD4b0tFQ0FheEl1/TdRzL+azFfOONdF4ulu4DZjD6VArP8 FHiE0bns9IZ52S0Tfd+459AM/is/aOZRxjQZHZFc+WXoyBOS7gM3MxRaiURxG7HLNp7Q 8TzQ==
In-reply-to: <CA+cU71mOXg5kBMTPiNgS_7JZSnQmKbNCYtNH51mMunZY81JXAg@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CA+cU71mOXg5kBMTPiNgS_7JZSnQmKbNCYtNH51mMunZY81JXAg@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On Fri, Nov 14, 2014 at 12:08 PM, Tom Ritter <tom@xxxxxxxxx> wrote:
> a) Eliminate self-signed certificate errors when browsing https:// on
> an onion site

No, please don't. Browsers throw cert errors for good reasons.
If you don't want to deal with it, just click accept or otherwise
pin them out in your trust store. Blind acceptance of certs just
because the TLD says .onion is just as dumb as trusting .com.
And if Joe and Jane's cluster of services wishes to publish a CA or
any other form of trustweb you're going to break that too. Don't do that.
If you don't think trust has the similar uses in anon networks as
on clearnet, or will never appear there, you need to open your eyes.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Of CA-signed certs and .onion URIs
  - From: Matthew Finkel

References:
- [tor-dev] Of CA-signed certs and .onion URIs
  - From: Tom Ritter

Prev by Author: [tor-dev] More consistant src/or/config.c [patch]
Next by Author: Re: [tor-dev] Of CA-signed certs and .onion URIs
Previous by thread: Re: [tor-dev] Of CA-signed certs and .onion URIs
Next by thread: Re: [tor-dev] Of CA-signed certs and .onion URIs
Index(es):
- Author
- Thread