[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #21767 [Applications/Tor Browser]: Tor CA - .onion SSL system



#21767: Tor CA - .onion SSL system
------------------------------------------+----------------------
     Reporter:  ikurua22                  |      Owner:  tbb-team
         Type:  project                   |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 While Tor hidden service is secure by default, many websites are shifting
 to HTTPS. Some .onion websites provide HTTPS access with self-sign certi-
 ficate. .onion website can be viewed only from Tor network, especially
 from "Tor Browser" by Tor project, and "Orfox" by GuardianProject.

 Thus, I suggest this project: ".onion Certificate Authority"(TorOCA).

 It's like "LetsEncrypt" - "clearnet" + ".onion".
 TorOCA gives a pair of certificate(you know, pem and key) to .onion
 holder.

 1) "Tor Browser" have TorOCA root certificate as acceptable authority.
 2) User visit https .onion website.
 3) The server send TLS certification, which is signed by TorOCA.
 4) User can visit the website without warning.

 Consider:
 1) Pricing. Free is good, but how about ".onion cert/$10/one-time"? This
 will help Tor project income.
 2) Sub-domain. Some .onion websites use subdomain instead of their main
 domain.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21767>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs