Here is their blog post about the matter: https://blog.ian.sh/2014/10/31/tls-over-tor/ They have successfully managed to get a certificate issued with facebookcorewwwi.onion in the subjectAltName field. The cert file: https://paste.ian.sh/raw/omegi The subjectAltName: DNS:certly.io, DNS:*.certly.io, DNS:owa.certly.io, DNS:mail.certly.io, DNS:autodiscover.certly.io, DNS:*.assetsrv.com, DNS:facebookcorewwwi.onion Mike * on the Fri, Oct 31, 2014 at 12:52:27PM -0400, AntiTree wrote: > It appears that someone has been issued a facebookcorewwwi.onion cert > from another CA as .onion has no way of verifying a collision. > https://news.ycombinator.com/item?id=8538527 > > On Fri, Oct 31, 2014 at 12:12 PM, Andreas Krey <a.krey@xxxxxx> wrote: > > On Fri, 31 Oct 2014 16:49:38 +0000, AFO-Admin wrote: > > ... > >> Hi, > >> i really think that this is a good thing, because i think this hidden > >> service will get a lot attention in countries where Facebook is > >> blocked. > > > > In blocking countries you'll use Tor whether you to the .com > > or the .onion domain. The way around the block is tor, not the > > hidden service. > > > > The hidden service add a protection layer to the traffic from > > the tor network to facebook, but they are using SSL anyway. > > > > And it remains to be seen what they do with static assets > > that are loaded from different domains - but actually it wouldn't > > matter when those are not going through the hidden service. > > > > Andreas > > > > -- > > "Totally trivial. Famous last words." > > From: Linus Torvalds <torvalds@*.org> > > Date: Fri, 22 Jan 2010 07:29:21 -0800 > > -- > > tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx > > To unsubscribe or change other settings go to > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- > tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
Attachment:
signature.asc
Description: Digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk