[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Giving Hidden Services some love



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

The whole CA system is a broken model in many ways yes, but that
doesn't mean we should totally disregard it. We can work with the CA's
to build up a standing as long as we don't forget that CA's are no
requirement to legitimacy. If a standard is set by the CA community
this paves the way to other pushes and can be seen as a credential
that this isn't some fad or "criminal" tool, but is a genuine and
useful tool in this day and age.

Re: setting up a CA. I done some research on this a while ago after
bouncing the idea around on IRC and the problem is the legal side of
things. It will be difficult for Mozilla to accept a CA who would only
sign for .onion certificates (there is no policy in place but it seems
the easiest route rather than applying for a full spectrum CA root
cert include). Even if any of the certificates are granted for that
org to become a CA you have considerations such as insurance (which I
do believe is a requirement). I mean it is certainly possible, but it
would require a huge amount of co-ordinated effort, a contact within
Mozilla, the proper technical and legal infrastructure etc. I am more
than happy to advise on such things with what research I have already
done, but right now I think petitioning the existing CA's who have
policy influence may be a better route.

T

Peter Tonoli:
> On 2/01/2015 4:03 pm, Virgil Griffith wrote:
>> Being a CA for .onion seems a reasonable thing to be.  Should
>> someone already part of the Tor community like torservers.net
>> become that CA?
> 
> I thought the general consensus was that the CA system is totally 
> broken. Why would we want to build on an already broken system, 
> considering the trust and reliability that's required for Tor?
> 
>> On Thu, Jan 1, 2015 at 6:52 PM, Thomas White
>> <thomaswhite@riseup.net> wrote: To individuals - no. However that
>> being said, I am currently working with two CA's on getting them
>> to set out a standard to adopt with the other CAs since they
>> cannot just issue a certificate without following the guidance
>> that the CA Forum sets out. Right now their main problem is that
>> there is no policy on it and so standardising the procedure is 
>> required for any certificates with an expiry beyond November
>> 2015.
>> 
>> I'll update this list when we have new information on the matter
>> but I don't expect an update until their next official policy
>> meeting around May I believe.

- -- 
Activist, anarchist and a bit of a dreamer.

PGP Keys: key.thecthulhu.com
Current Fingerprint: E771 BE69 4696 F742 DB94 AA8C 5C2A 8C5A 0CCA 4983
Key-ID: 0CCA4983
Master Fingerprint: DDEF AB9B 1962 5D09 4264 2558 1F23 39B7 EF10 09F0
Key-ID: EF1009F0

Twitter: @CthulhuSec
XMPP: thecthulhu at jabber.ccc.de
XMPP-OTR: 4321B19F A9A3462C FE64BAC7 294C8A7E A53CC966
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJUpjoYAAoJEFwqjFoMykmDiCcQAKcTvfFpRud3Mlguc5WN4deI
GfL6TIaW04DXQE76trkMKgPgpYXeXaOHzZwpOMf2MK1GcWF7vHCnmNrnH7xc2Xze
5zMFYGEPRBt9iftTFI+z2k64SP1L+qpXfL/1ZDWdvt/VRjecdANPjIXZOhNzCMI3
XYTNcs1nIqh8I5Nlyro2mRj8nPY4ohCAfhpt1IMk15KgRVvZBmxj2b2FUjPcxg4v
0DW2Xg6FD64Wgt3/L34ehWFLb7hx5k49XZaGXl6iLK438jd366Kp2GNf8X/Jqe0T
oUwohRzXvz10RnCYtZF9GRs8JUsf/ZLuzGylFK+fL9Uy8AQyzMQeHTGTDnvI+Bh/
VYUegyrrrIJ9+UsJJnzrV4xdzdmhqhnzJLDRW1qe/iI5ZjK4ele7ikQTC4x2XEl2
ekyPOhBHT5UPb5/eh+flVdO8WF+cgpKzDPHeu5yWpaLB0/eIgWavF5oKq6sfP0W6
ICmca3sEoOY2c1gisK1xy+1bqxIloLyHLLKnjlh3XI0zby8E0jWk/bL1lWZBhnFv
Tey4DzlMi5y8tI32Ur5uy3YNTUgHTmBn2/sS/N3OQyxM1lCSeKCJ+wvgQehV+llU
stYau8P0ddIH6UNFFf01llTOML/vgi0jXSESs2oCDkVJiVYIeHt4ocXiB6llAXLO
afBQAemTYll+bYuocaAM
=gIyH
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk