On 12/29/2015 11:18 AM, Aeris wrote:
>> A few hidden services have added an
>> HTTPS cert but I think that's mostly for a publicity stunt than anything
>> else.
>
> As indicated in Roger's lecture, HTTPS is useful for HS:
> - browsers handle more securely cookies or other stuff in HTTPS mode,
>   avoiding some possible leaks
> - because anybody can create an HS and proxify any content, X.509 certs
>   allow users to verify the authenticity of the HS (you are on the official
>   Facebook HS if you have a cert with facebook.com *AND* facebookcorewwwi.onion
>   inside)
>

I've downloaded the .webm of Roger's lecture but haven't had the time today to listen to it. My point was that HSs already have an authentication mechanism and it's assumed that you can verify the address through some trusted out-of-band method, so in that case you don't need an SSL cert. This can sometimes be superior to trusting the centralized CA model, but I agree that the points you've listed are useful applications as well.

--
Jesse V
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays