Re: [tor-talk] Ordering a .onion EV certificate from Digitcert

2015-12-16 Thread Aymeric Vitte
This one that was in my initial reply: http://lists.w3.org/Archives/Public/public-webapps/2015OctDec/0205.html On 16/12/2015 12:07, Andreas Krey wrote: > On Wed, 16 Dec 2015 11:54:09 +, Aymeric Vitte wrote: > ... >> I will not start a CA model discussion again, but the unanswered >> questio

Re: [tor-talk] Ordering a .onion EV certificate from Digitcert

2015-12-16 Thread Andreas Krey
On Wed, 16 Dec 2015 11:54:09 +, Aymeric Vitte wrote: ... > I will not start a CA model discussion again, but the unanswered > question in the thread was: what can ws with https hurt exactly and why > are we obliged to use insecure http with ws? Which thread are you living in? Andreas -- "To

Re: [tor-talk] Ordering a .onion EV certificate from Digitcert

2015-12-16 Thread Aymeric Vitte
Whether we follow the logic completely (all TLS with valid certificates) and we have a solution for all cases, whether we don't, and currently the W3C folks don't (WebRTC example) and forbid other things not explaining clearly why. I will not start a CA model discussion again, but the unanswered q

Re: [tor-talk] Ordering a .onion EV certificate from Digitcert

2015-12-16 Thread Ben Tasker
> For what use exactly? ie why people should want a TLS certificate for a > .onion, which by definition is something not tied to an official > "domain", like anything that has no other choice than using self-signed > certificates? The benefit of a publicly signed certificate over a snake-oil certi

Re: [tor-talk] Ordering a .onion EV certificate from Digitcert

2015-12-16 Thread Andreas Krey
On Tue, 15 Dec 2015 22:24:05 +, Aymeric Vitte wrote: > For what use exactly? ie why people should want a TLS certificate for a > .onion, To get all the ways in which web browsers treat https differently from http: mixed content warnings, cookie policies etc. pp. Browsers won't special-case .o

Re: [tor-talk] Ordering a .onion EV certificate from Digitcert

2015-12-15 Thread Elrippo
Well, I personally think the CA mechanism is broken, so letsencrypt would be the better choice of the bad ones. Maybe the tordevs could implement a mechanism for selfsigned certs with the key mechanism of the hidden service itself to avoid the need

Re: [tor-talk] Ordering a .onion EV certificate from Digitcert

2015-12-15 Thread Aymeric Vitte
For what use exactly? ie why people should want a TLS certificate for a .onion, which by definition is something not tied to an official "domain", like anything that has no other choice than using self-signed certificates? Something can be done to verify that someone owns the .onion "domain" and p

Re: [tor-talk] Ordering a .onion EV certificate from Digitcert

2015-12-15 Thread Tom van der Woerdt
That's not a guide, it just says 'call us' > On 15 Dec 2015, at 17:09, Fabio Pietrosanti (naif) - lists > wrote: > > Hello, > > we asked on Twitter to Digicert to provide a quick guide on how to order an > x509v3 certificate for TLS for a .onion, they've just published this > small guide: > http

Re: [tor-talk] Ordering a .onion EV certificate from Digitcert

2015-12-15 Thread Moritz Bartl
On 12/15/2015 05:52 PM, Andreas Krey wrote: >> What about CAcert? I am using them for a while now but I have never >> tried them for .onion... > CAcert isn't in the default cert list of tor browser, so you > get the cert exception dance once for each browser restart. Plus they don't do EV so they

Re: [tor-talk] Ordering a .onion EV certificate from Digitcert

2015-12-15 Thread Andreas Krey
On Tue, 15 Dec 2015 17:35:19 +, cyb3rwr3ck wrote: ... > What about CAcert? I am using them for a while now but I have never > tried them for .onion... CAcert isn't in the default cert list of tor browser, so you get the cert exception dance once for each browser restart. Andreas -- "Totally

Re: [tor-talk] Ordering a .onion EV certificate from Digitcert

2015-12-15 Thread cyb3rwr3ck
On 15.12.2015 17:09, Fabio Pietrosanti (naif) - lists wrote: > Hopefully other CA will follow and at a certain point letsencrypt too. > What about CAcert? I am using them for a while now but I have never tried them for .onion... BR F

Re: [tor-talk] Ordering a .onion EV certificate from Digitcert

2015-12-15 Thread Seth David Schoen
Fabio Pietrosanti (naif) - lists writes: > Hello, > > we asked on Twitter to Digicert to provide a quick guide on how to order an > x509v3 certificate for TLS for a .onion, they've just published this > small guide: > https://blog.digicert.com/ordering-a-onion-certificate-from-digicert/ > > Hopeful

[tor-talk] Ordering a .onion EV certificate from Digitcert

2015-12-15 Thread Fabio Pietrosanti (naif) - lists
Hello, we asked on Twitter to Digicert to provide a quick guide on how to order an x509v3 certificate for TLS for a .onion, they've just published this small guide: https://blog.digicert.com/ordering-a-onion-certificate-from-digicert/ Hopefully other CA will follow and at a certain point letsencrypt