On Wed, Aug 30, 2017 at 11:28:13AM -0700, Seth David Schoen wrote:
> Roger Dingledine writes:
>
> > I think finding ways to tie onion addresses to normal ("insecure web")
> > domains, when a service has both, is really important too. I'd like to
> > live in a world where Let's Encrypt gives you an onion altname in your
> > https cert by default, and spins up a Tor client by default to let users
> > reach your webserver using whichever level of security they prefer.
>
> Well, I'm still working on being able to write to the CA/B Forum about
> this issue... hopefully we'll find out soon what that community is
> thinking.

As the cryptographic design changes for next generation onion services
are now being rolled out, that in-my-opinion-never-actually-well-grounded
concern will go away.

I cover, at a high level, a design for onion altnames in "The Once and
Future Onion" [1] that I think is consistent with the current CA/B Forum
issues about onion addresses. It doesn't cover all desired cases, so I
hope you are successful. But I think it covers a lot of the ground.

[1] https://www.nrl.navy.mil/itd/chacs/syverson-once-and-future-onion

aloha,
Paul
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk