On 10 August 2017 at 01:51, Dave Warren wrote:
> On 2017-08-09 16:53, Seth David Schoen wrote:
>
>> Notably, it doesn't apply to certificate authorities that only issue DV
>> certificates, because nobody at the time found a consensus about how to
>> validate control over these domain names.
>>
>
>
On Thu, Aug 10, 2017 at 2:53 AM, Roger Dingledine wrote:
>
> * Admins should be able to run their Tor onion service at a different
> location than their webserver. "End to end" in onion encryption means
> "Tor client to Tor client", but "end to end" in web encryption means
> "Browser to Webserver
Dave Warren writes:
> I don't completely understand this, since outside the Tor world it's
> possible to acquire DV certificates using verification performed on
> unencrypted (HTTP) channels.
>
> Wouldn't the same be possible for a .onion, simply requiring that the
> verification service act as a
On Wed, Aug 09, 2017 at 03:53:59PM -0700, Seth David Schoen wrote:
> There was also
> a long-standard concern about cryptographic strength mismatch in the
> sense that the cryptography used by onion services was weaker than the
> cryptography that's now used in TLS. (I think this concern was mis
On 2017-08-09 16:53, Seth David Schoen wrote:
> Notably, it doesn't apply to certificate authorities that only issue DV
> certificates, because nobody at the time found a consensus about how to
> validate control over these domain names.
I don't completely understand this, since outside the Tor wo
(2) What reasons do people have for wanting certificates that cover
onion names? I think I know of at least three or four reasons, but I'm
interested in creating a list that's as thorough as possible.
Six to start with:
- not having to rewrite CMS code which assumes HTTPS, eg for secure
cookies
Hi folks,
For a long time, publicly-trusted certificate authorities were not
clearly permitted to issue certificates for .onion names. However, RFC
7686 and a series of three CA/Browser Forum ballots sponsored by DigiCert
have allowed issuance of EV certificates (where the legal identity of
the c