Thomas White: > The whole CA system is a broken model in many ways yes, but that > doesn't mean we should totally disregard it. We can work with the CA's > to build up a standing as long as we don't forget that CA's are no > requirement to legitimacy. If a standard is set by the CA community > this paves the way to other pushes and can be seen as a credential > that this isn't some fad or "criminal" tool, but is a genuine and > useful tool in this day and age.
This is an excellent point. Add to that the fact that we've been telling people to check for the padlock for the better part of 20 years and we're finally seeing it roll out almost across the board. I would think it's a little too early to move on to something else. That being said, another option is to ditch the CAs and and use a TOFU (trust on first use) and certificate transparency approach for .onion domains within TBB. That gives us self-signed certificates and reasonable security without warnings being presented to the user. The Certificate Patrol and Perspectives plugins (and others) may be able to be re-purposed. Another thought: is it possible to tie the certificate's private key to the private key of the hidden service and have TBB (or Tor) verify that? -- kat -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
