On 20 February 2017 at 09:45, Georg Koppen <g...@torproject.org> wrote:
> I don't think so as I don't see how next generation .onion services
> solve the underlying problem.

I believe they are referring to something which I have also heard from CA/B Forum, regards SSL certificates.

There's a general perception in industry - with some justification - that goes:

SHA1 is bad. And current Onion addresses are based on SHA1. And they're only 80 bits, truncated SHA1. So current onion addresses are bad, too. Because a bad person could brute-force an 80 bit collision to hijack an onion address. And that would be bad. Also, it would be way easier** than (say) social-engineering a CA to issue a certificate to a fake or phishing site. Because that never** happens.

So: industry thinks that 80-bit cryptographic addresses are brute-forceable, thus will not issue DV SSL certificates for them. Instead they will only permit EV certificates to be issued. After all, having trivially** collided an 80-bit hash and set up your fake Facebook Onion, you don't want some CA's automated "URL-secret-cookie-reachability"-based certificate generator to blindly issue an SSL certificate for the fake onion, thereby putting the SSL stamp of approval on the site; that would be bad.

Hence EV, which requires a more intimate relationship with the requester, to mitigate this tremendous** security risk.

I suspect that the OP is pointing out that Prop224, with its 256-bit onion addresses, will be much more resistant to brute force and therefore may be more broadly acceptable to the trust/comms industry.

-a

** your mileage may vary.

-- 
http://dropsafe.crypticide.com/aboutalecm
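Added example, not part of the original message: a Python sketch of how much key material each address format commits to, with the current format as SHA-1 truncated to 80 bits and the Prop224 format carrying the full 256-bit key. The v3 encoding follows Tor's published rend-spec-v3, which the message does not spell out; the function names and sample key bytes are constructed for illustration.

```python
import base64
import hashlib

V3_VERSION = b"\x03"
# Constructed sample inputs: stand-ins for real key encodings, not real keys.
SAMPLE_RSA_DER = b"constructed stand-in for a DER-encoded RSA public key"
SAMPLE_ED25519 = bytes(range(32))  # not checked to be a valid curve point


def v2_onion_address(der_public_key: bytes) -> str:
    """Current format: first 80 bits of SHA-1 over the DER-encoded RSA key."""
    digest = hashlib.sha1(der_public_key).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower() + ".onion"


def _v3_checksum(pubkey: bytes) -> bytes:
    data = b".onion checksum" + pubkey + V3_VERSION
    return hashlib.sha3_256(data).digest()[:2]


def v3_onion_address(ed25519_pubkey: bytes) -> str:
    """Prop224 format: the whole 256-bit key, plus checksum and version byte."""
    if len(ed25519_pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = ed25519_pubkey + _v3_checksum(ed25519_pubkey) + V3_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def identity_bits(address: str) -> int:
    """Validate an onion address and return how many bits identify the key."""
    label = address.lower()
    if label.endswith(".onion"):
        label = label[: -len(".onion")]
    if len(label) == 16:
        base64.b32decode(label.upper())  # raises ValueError on bad characters
        return 80
    if len(label) == 56:
        raw = base64.b32decode(label.upper())
        pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
        if version != V3_VERSION or checksum != _v3_checksum(pubkey):
            raise ValueError("bad v3 version or checksum")
        return 256
    raise ValueError("not a v2 or v3 onion address")


if __name__ == "__main__":
    for addr in (v2_onion_address(SAMPLE_RSA_DER), v3_onion_address(SAMPLE_ED25519)):
        print(identity_bits(addr), addr)
```

A policy check, such as the DV/EV distinction discussed above, could call `identity_bits` to tell the two address generations apart before deciding how to treat a request.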