Re: [tor-talk] Giving Hidden Services some love
On Fri, 02 Jan 2015 06:26:34 +0000
Thomas White <firstname.lastname@example.org> wrote:
> The whole CA system is a broken model in many ways yes, but that
> doesn't mean we should totally disregard it. We can work with the CA's
> to build up a standing as long as we don't forget that CA's are no
> requirement to legitimacy. If a standard is set by the CA community
> this paves the way to other pushes and can be seen as a credential
> that this isn't some fad or "criminal" tool, but is a genuine and
> useful tool in this day and age.

Assuming someone believes that hidden services have a bad 'reputation',
I'm not sure that because a CA would be willing to issue certificates
for a .onion, that this will provide enough 'credentials' for people to
improve their view of hidden services.

I don't think we should look towards encouraging the use of a CA
signing a .onion. We should be looking towards more decentralized
methods, i.e. (which I'm sure people have read, but quoting
nonetheless) the idea that was within Tor's blog post ...

"A more thorough approach in that direction is to have a way for a
hidden service to generate its own signed https cert using its onion
private key, and teach Tor Browser how to verify them — basically a
decentralized CA for .onion addresses, since they are
This gives the user some confidence (as they'll see the "https"), and
in my opinion moves away from a broken CA system.