Message-ID: <54A917E2.3010502@metaverse.org>
Date: Sun, 04 Jan 2015 21:37:22 +1100
From: Peter Tonoli <peter+tor@metaverse.org>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Giving Hidden Services some love

On 4/01/2015 3:42 pm, Jesse B. Crawford wrote:
> What I mean is that the situations where DNS is compromised (malicious
> DNS server, malicious local network operator, malicious third party
> pulling a trick on the local network, etc...), while completely possible
> and important to protect against, are far less common out there in the
> wild than phishers using similar-but-wrong domains (we've probably all
> seen a usbank.com.abunchofhexcharacters.numbers.cz before).
> 
> I realized that I missed something earlier. When I refer to SSL
> certificates fixing this problem, I am referring to extended validation
> (EV) certificates that validate legal entity, not to the various cheaper
> certificates that only validate domain.

EV certificates don't fix any problem. The validation of a 'legal
entity' is purely due to an agreed policy. A rogue, compromised, or
alternate CA could release certificates with EV fields that don't
'rigorously' validate the organisation that applies for the certificate.

> EV certificates tie a service to a real-world entity, typically by the
> CA validating organizational documents (articles of incorporation,
> charter, etc) and validating that the person who submitted the request
> is an authorized agent of the organization. The certificates then
> include as part of the principal not only the domain name of the host
> but also the legal name of the operator.

Which contradicts the point of hidden services in the first place,
that neither party knows the other's identity [1].

[1] https://www.torproject.org/docs/hidden-services.html.en


