[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Motivations for certificate issues for onion services

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Motivations for certificate issues for onion services
From: Seth David Schoen <schoen@xxxxxxx>
Date: Wed, 9 Aug 2017 23:24:00 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 10 Aug 2017 02:24:22 -0400
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=eff.org; s=mail2; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date; bh=XxKj5fYaPRjrUcJ9pyD+f/WqUgESq2kMAZgAihToSxE=; b=bcEsXlyOe3ZbO+zEBdF7wIuJeUdQMHkSrW12zNxNlSEd9/6J9Bkbp2r1wTBqg0dcCK73Dj2yIUhZL1898Jo/o0EgKnVWW6REVw6Yaqy8NJaRSK4z9p6dvxp2GhgKBU3t1/U5B7DlVAE1fjdGmgDWXcvYKNQNSSf436yIdT2iEaE=;
In-reply-to: <ef65007f-9224-91a0-fe7d-7dcc4294045c@hireahit.com>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20170809225359.GO8328@demorgan> <ef65007f-9224-91a0-fe7d-7dcc4294045c@hireahit.com>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.24 (2015-08-30)

Dave Warren writes:

> I don't completely understand this, since outside the Tor world it's
> possible to acquire DV certificates using verification performed on
> unencrypted (HTTP) channels.
> 
> Wouldn't the same be possible for a .onion, simply requiring that the
> verification service act as a Tor client? This would be at least as good,
> given that Tor adds a bit of encryption.

I think Roger's reply to my message addresses reasons why I think this
is a good argument, and I'm in agreement with you.  However, with
next-generation onion services, it should no longer be necessary to have
any form of this argument.

-- 
Seth Schoen  <schoen@xxxxxxx>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Motivations for certificate issues for onion services
  - From: Seth David Schoen
- Re: [tor-talk] Motivations for certificate issues for onion services
  - From: Dave Warren

Prev by Author: Re: [tor-talk] MTor (multicast tor), is it going to be released?
Next by Author: Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation
Previous by thread: Re: [tor-talk] Motivations for certificate issues for onion services
Next by thread: Re: [tor-talk] Motivations for certificate issues for onion services
Index(es):
- Author
- Thread