[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Giving Hidden Services some love



On 2015-01-04 02:37, Peter Tonoli wrote:
> EV certificates don't fix any problem. The validation of a 'legal
> entity' is purely due to an agreed policy. A rogue, compromised, or
> alternate CA could release certificates with EV fields that don't
> 'rigorously' validate the organisation that applies for the certificate.

I am assuming here that users trust CAs - I think a fair assumption for
practical purposes since this is the foundation of the current
open-internet system. Fixing the problem in a general way is a much more
ambitious goal than just extending this assurance to Tor.

> Which contradicts with the point of hidden services in the first place,
> that neither party knows the others identity [1].
> 
> [1] https://www.torproject.org/docs/hidden-services.html.en

Yet organizations like Facebook, DuckDuckGo, and others that do not
intend to remain anonymous operate hidden services. Clearly there are
use cases where anonymity is not a requirement and is even undesirable.
These are probably a minority I agree, making this a small issue in the
grand scheme of things. Just one I thought worth explaining since SSL
came up.

jc
--
Jesse B. Crawford
Student, Information Technology
New Mexico Inst. of Mining & Technology

https://jbcrawford.us // jesse@jbcrawford.us
https://cs.nmt.edu/~jcrawford // jcrawford@cs.nmt.edu
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk