Hi Q and others,
I have opened an issue about this proposal at https://github.com/cabforum/servercert/issues/433 and let's see how it goes.
In this version I added that the onion certificate seed can also
include a nonce from the CA and the ACME client, so that it would have the
same proof-of-online-key-possession property as the current version
of the baseline requirement.
Shelikhoo
Hi Shelikhoo,
Your suggestion seems sound, and I’d like to see it progress further. However it is not in the CA/BF BR, so is unusable by CAs, and therefore out of scope of my project.
I suggest you take up your new method with the CA/BF for addition to their BR.
Thanks, Q
On 5 May 2023, at 15:56, Shelikhoo <shelikhoo@xxxxxxxxxxxxxx> wrote:
On 25/4/2023 1:02 pm, Q Misell via tor-dev wrote:
Hi all,
I've spent some time working on ACME for Tor hidden services (you may have seen discussion of this work on the onion-advisors mailing list). Full details of the project are available at https://acmeforonions.org.
Attached is my proposal for a change to the Tor Rendezvous Specification to support the inclusion of CAA records in hidden service descriptors.
My fork of Tor implementing publishing these records is available at https://github.com/as207960/tor.
Thanks, Q
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev