[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Of CA-signed certs and .onion URIs



Fair. What are your thoughts about possible trade-offs with anonymity when using a CA-signed cert?


On November 14, 2014 9:38:02 PM EST, Jacob Appelbaum <jacob@xxxxxxxxxxxxx> wrote:
On 11/15/14, Griffin Boyce <griffin@xxxxxxxxxxxxx> wrote:
Lee wrote:
c) Get .onion IANA reserved

It doesn't look like that's going to happen.

Yeah. Though the biggest use-case for cert+onion is when trying to
match a clearnet service to a hidden service -- such as Facebook or
Erowid.


That is false. Using TLS has many use-cases - one that is critically
important is stronger defense in depth.

All the best,
Jacob


tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev