[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Motivations for certificate issues for onion services



(2) What reasons do people have for wanting certificates that cover
onion names?  I think I know of at least three or four reasons, but I'm
interested in creating a list that's as thorough as possible.


Six to start with:

- not having to rewrite CMS code which assumes HTTPS, eg for secure
cookies; the Onion acts as a straight deployment on a new domain name

- corollary: not having to lobby browser manufacturers to pollute their
code to understand that http under this magical "onion" TLD is somehow
almost but not entirely treatable like https.

- access to secure-locked protocols like WebRTC

- protection of traffic for the link between Tor daemon (basically a
reverse-proxy) and the site load-balancer fanout in enterprise deployment

- user expectation for padlocks, consistency rather than special-snowflake
creeping featurism

- EV: attestation.

-alec
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk