[Quotations reordered to make my replies flow better.] Date: Tue, 27 Oct 2015 13:45:47 +0100 From: Mike Hearn <[email protected]>
> The name tor.facebook.com is not self-authenticating, which is the > main practically useful function of .onion names. Well ... but this thread starts by observing that attackers are exploiting the fact that Onion names are opaque random strings, meaning people do (at best) prefix matches of a few characters. So isn't the issue that Onion names are *not*, in practice, self authenticating? The issue Philipp raised is that the use of vanity onions encourages people to do short prefix matching instead of letting a machine handle it. Philipp's suggestion was to make vanity onions much more costly in order to discourage them, so that nobody is even tempted to do short prefix matching. I suspect that that will mean only Facebook, Google, and the NSA can afford to have vanity onions (unless we make it so costly that only Facebook, Google, and the NSA can afford to have any onions at all). I think making opaque onions easier to work with is a more fruitful avenue than making vanity onions harder, hence my suggestion about bookmarks -- Chrome already shows visually if a page is bookmarked or not (the star on the right hand side). So there's nothing to do there. Nice. Perhaps it would be worthwhile to do more for onions, e.g. show a scary broken lock when the user has not explicitly verified it, and let the user keep personal notes about verification. (In addition to onions, it would also be nice for the browser to handle, e.g., Tahoe-LAFS caps similarly. I've been nervous about putting those into browsers via URIs, unsure of how careful browsers are about copying them around and storing them in places I wouldn't store keys.) There are not thousands of CA's, even Firefox only trusts a hundred or so in total and EV certs are issued by only about 25-30. And Google is forcing them into certificate transaparency, so if someone did issue a bogus EV cert under your name you'd be able to locate it immediately with something as basic as a cron job. There are hundreds of CAs listed in the browser. There are doubtless thousands of intermediate CAs that are not listed explicitly but can nevertheless issue certificates for any names. Every now and then we hear about Comodo or whoever having accidentally authorized some subsidiary or customer to do so when they didn't mean to. _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
