Re: [tor-talk] You could use ModX to create .onion sites,

On Fri, 24 May 2013 07:22:28 +0000, Tom Ritter wrote:
> ... Actually that's not true.  I could have bought a certificate for a
> .onion address, any .onion address, from any CA until the end of 2015.

How that?

>  They're starting to phase them out now so "any CA" is probably not
> correct some "some CAs" would be true.  That's a mildly creepy
> thought, although the HS architecture should protect against that.

Hmm. Actually, we already have a kind of certificate - the HS itself.
What point does certificate verification serve in https to an onion
site at all?

Would it be possible to put the server's HS cert keys into the
SSL negotiation as well and have the browser either verify that
the public key matches the HS name, or not verify at all?
(And take a null cyphersuite as well?)


"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
tor-talk mailing list