Peter Bowen writes: > I’m honestly not a big fan of being limited to these three methods — they all > are methods which have be completed by someone with access to the “backend” > server but not necessarily the onion proxy. What options might exist for > validation that are closer to the DNS validation method for Internet names? > How could a CA confirm that they onion name “owner” has approved the request?
You're right that none of these methods could be completed by someone with access to the onion proxy alone. I think the closest analogy would indeed call for a new onion-specific method, which would probably involve signing a challenge with the onion key or with a key signed by the onion key. -- Seth Schoen <[email protected]> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 _______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
