The whole CA system is a broken model in many ways, yes, but that doesn't mean we should totally disregard it. We can work with the CAs to build up a standing as long as we don't forget that CAs are no requirement to legitimacy. If a standard is set by the CA community this paves the way to other pushes and can be seen as a credential that this isn't some fad or "criminal" tool, but is a genuine and useful tool in this day and age.

Re: setting up a CA. I did some research on this a while ago after bouncing the idea around on IRC, and the problem is the legal side of things. It will be difficult for Mozilla to accept a CA who would only sign for .onion certificates (there is no policy in place but it seems the easiest route rather than applying for a full spectrum CA root cert include). Even if any of the certificates are granted for that org to become a CA you have considerations such as insurance (which I do believe is a requirement). I mean it is certainly possible, but it would require a huge amount of co-ordinated effort, a contact within Mozilla, the proper technical and legal infrastructure etc. I am more than happy to advise on such things with what research I have already done, but right now I think petitioning the existing CAs who have policy influence may be a better route.

T

Peter Tonoli:
> On 2/01/2015 4:03 pm, Virgil Griffith wrote:
>> Being a CA for .onion seems a reasonable thing to be. Should
>> someone already part of the Tor community like torservers.net
>> become that CA?
>
> I thought the general consensus was that the CA system is totally
> broken. Why would we want to build on an already broken system,
> considering the trust and reliability that's required for Tor?
>
>> On Thu, Jan 1, 2015 at 6:52 PM, Thomas White
>> <[email protected]> wrote:
>> To individuals - no. However that
>> being said, I am currently working with two CAs on getting them
>> to set out a standard to adopt with the other CAs since they
>> cannot just issue a certificate without following the guidance
>> that the CA Forum sets out. Right now their main problem is that
>> there is no policy on it and so standardising the procedure is
>> required for any certificates with an expiry beyond November
>> 2015.
>>
>> I'll update this list when we have new information on the matter
>> but I don't expect an update until their next official policy
>> meeting around May I believe.

--
Activist, anarchist and a bit of a dreamer.

PGP Keys: key.thecthulhu.com
Current Fingerprint: E771 BE69 4696 F742 DB94 AA8C 5C2A 8C5A 0CCA 4983
Key-ID: 0CCA4983
Master Fingerprint: DDEF AB9B 1962 5D09 4264 2558 1F23 39B7 EF10 09F0
Key-ID: EF1009F0
Twitter: @CthulhuSec
XMPP: thecthulhu at jabber.ccc.de
XMPP-OTR: 4321B19F A9A3462C FE64BAC7 294C8A7E A53CC966

--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
