Date: Fri, 02 Jan 2015 06:26:34 +0000
From: Thomas White <thomaswhite@riseup.net>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Giving Hidden Services some love

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

The whole CA system is a broken model in many ways, yes, but that
doesn't mean we should totally disregard it. We can work with the CAs
to build up a standing as long as we don't forget that CAs are no
requirement to legitimacy. If a standard is set by the CA community
this paves the way to other pushes and can be seen as a credential
that this isn't some fad or "criminal" tool, but is a genuine and
useful tool in this day and age.

Re: setting up a CA. I did some research on this a while ago after
bouncing the idea around on IRC and the problem is the legal side of
things. It will be difficult for Mozilla to accept a CA who would only
sign for .onion certificates (there is no policy in place but it seems
the easiest route rather than applying for a full spectrum CA root
cert include). Even if any of the certificates are granted for that
org to become a CA you have considerations such as insurance (which I
do believe is a requirement). I mean it is certainly possible, but it
would require a huge amount of co-ordinated effort, a contact within
Mozilla, the proper technical and legal infrastructure etc. I am more
than happy to advise on such things with what research I have already
done, but right now I think petitioning the existing CAs who have
policy influence may be a better route.

T

Peter Tonoli:
> On 2/01/2015 4:03 pm, Virgil Griffith wrote:
>> Being a CA for .onion seems a reasonable thing to be.  Should
>> someone already part of the Tor community like torservers.net
>> become that CA?
> 
> I thought the general consensus was that the CA system is totally 
> broken. Why would we want to build on an already broken system, 
> considering the trust and reliability that's required for Tor?
> 
>> On Thu, Jan 1, 2015 at 6:52 PM, Thomas White
>> <thomaswhite@riseup.net> wrote: To individuals - no. However that
>> being said, I am currently working with two CAs on getting them
>> to set out a standard to adopt with the other CAs since they
>> cannot just issue a certificate without following the guidance
>> that the CA Forum sets out. Right now their main problem is that
>> there is no policy on it and so standardising the procedure is 
>> required for any certificates with an expiry beyond November
>> 2015.
>> 
>> I'll update this list when we have new information on the matter
>> but I don't expect an update until their next official policy
>> meeting around May I believe.

- -- 
Activist, anarchist and a bit of a dreamer.

PGP Keys: key.thecthulhu.com
Current Fingerprint: E771 BE69 4696 F742 DB94 AA8C 5C2A 8C5A 0CCA 4983
Key-ID: 0CCA4983
Master Fingerprint: DDEF AB9B 1962 5D09 4264 2558 1F23 39B7 EF10 09F0
Key-ID: EF1009F0

Twitter: @CthulhuSec
XMPP: thecthulhu at jabber.ccc.de
XMPP-OTR: 4321B19F A9A3462C FE64BAC7 294C8A7E A53CC966
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

