[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Of CA-signed certs and .onion URIs



On Fri, Nov 14, 2014 at 12:08 PM, Tom Ritter <tom@xxxxxxxxx> wrote:
> a) Eliminate self-signed certificate errors when browsing https:// on
> an onion site

No, please don't. Browsers throw cert errors for good reasons.
If you don't want to deal with it, just click accept or otherwise
pin them out in your trust store. Blind acceptance of certs just
because the TLD says .onion is just as dumb as trusting .com.
And if Joe and Jane's cluster of services wishes to publish a CA or
any other form of trustweb you're going to break that too. Don't do that.
If you don't think trust has the similar uses in anon networks as
on clearnet, or will never appear there, you need to open your eyes.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev