To: tor-talk@lists.torproject.org
References: <56703B56.5050603@infosecurity.ch>
From: Aymeric Vitte <vitteaymeric@gmail.com>
Message-ID: <567084F5.5080604@gmail.com>
Date: Tue, 15 Dec 2015 22:24:05 +0100
In-Reply-To: <56703B56.5050603@infosecurity.ch>
Subject: Re: [tor-talk] Ordering a .onion EV certificate from Digitcert

For what use exactly? I.e., why should people want a TLS certificate for a
.onion, which by definition is something not tied to an official
"domain", like anything that has no other choice than using self-signed
certificates?

Something can be done to verify that someone owns the .onion "domain",
and probably we should study this (for letsencrypt for example) and get
rid of this notion of "domain", which is obsolete. Please take a look at
this thread
http://lists.w3.org/Archives/Public/public-webapps/2015OctDec/0205.html
(follow the previous posts if you have time; this addresses the very
same problem, including letsencrypt), still not convincingly
answered (despite the fact that the W3C obviously does not follow its
security policy for WebRTC), since people there seem to find the Tor
protocol kind of funny but, happily for the planet, succeeded in securing
it with a fb .onion certificate.

On 15/12/2015 17:09, Fabio Pietrosanti (naif) - lists wrote:
> Hello,
>
> we asked Digicert on Twitter to provide a quick guide on how to order an
> x509v3 certificate for TLS for a .onion, they've just published this
> small guide:
> https://blog.digicert.com/ordering-a-onion-certificate-from-digicert/
>
> Hopefully other CAs will follow and at a certain point letsencrypt too.

--
Get the torrent dynamic blocklist: http://peersm.com/getblocklist
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms