[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Motivations for certificate issues for onion services

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Motivations for certificate issues for onion services
From: Dave Warren <davew@xxxxxxxxxxxx>
Date: Wed, 9 Aug 2017 18:51:14 -0600
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 09 Aug 2017 20:52:04 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple; d=hireahit.com; s=MD-20140321; t=1502326124; x=1502930924; i=davew@xxxxxxxxxxxx; q=dns/txt; h=Subject:To:References:From:Message-ID:Date: User-Agent:MIME-Version:In-Reply-To:Content-Type: Content-Language:Content-Transfer-Encoding; bh=a3euI/SQ8JegTMot7 7XDuKbeupUxdCnk0/Z4wtwJplA=; b=IVa18uOnDvM0hqx1rUOfKTrcoIu68xOaV Us7uNG4dej3ttRY7iQ0vIvUyO1o+5DKNOXdKM8h6k/fmIoboPtwNqubbzK0mwlhZ T2ubGQFM+MwiiOaaAdGzb8xjoCcr1YAbxcPvDvJ5ndqtdnl3U8hiIvSSngoQ9C2B vTN2iW5/uU=
In-reply-to: <20170809225359.GO8328@demorgan>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20170809225359.GO8328@demorgan>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
Vbr-info: md=hireahit.com; mc=all; mv=vbr.hireahit.com;

On 2017-08-09 16:53, Seth David Schoen wrote:

Notably, it doesn't apply to certificate authorities that only issue DV certificates, because nobody at the time found a consensus about how to validate control over these domain names.

I don't completely understand this, since outside the Tor world it'spossible to acquire DV certificates using verification performed onunencrypted (HTTP) channels.

Wouldn't the same be possible for a .onion, simply requiring that theverification service act as a Tor client? This would be at least asgood, given that Tor adds a bit of encryption.


--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Motivations for certificate issues for onion services
  - From: Alec Muffett
- Re: [tor-talk] Motivations for certificate issues for onion services
  - From: Seth David Schoen

References:
- [tor-talk] Motivations for certificate issues for onion services
  - From: Seth David Schoen

Prev by Author: Re: [tor-talk] Why does tor control port 9051 allow empty authentication?
Next by Author: Re: [tor-talk] torproject package repository
Previous by thread: Re: [tor-talk] Motivations for certificate issues for onion services
Next by thread: Re: [tor-talk] Motivations for certificate issues for onion services
Index(es):
- Author
- Thread