Dave Warren writes: > I don't completely understand this, since outside the Tor world it's > possible to acquire DV certificates using verification performed on > unencrypted (HTTP) channels. > > Wouldn't the same be possible for a .onion, simply requiring that the > verification service act as a Tor client? This would be at least as good, > given that Tor adds a bit of encryption.
I think Roger's reply to my message addresses reasons why I think this is a good argument, and I'm in agreement with you. However, with next-generation onion services, it should no longer be necessary to have any form of this argument. -- Seth Schoen <sch...@eff.org> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk