Re: [tor-relays] tor hidden services & SSL EV certificate

2016-01-01 Thread Jesse V
On 01/01/2016 10:21 AM, Josef Stautner wrote: > You can use an Amazon EC2 G-Instance and Scallion if you don't have a > good GPU. That is not a good idea, since then you are given them your private key. I trust Amazon, but not that much. People have posted on the /r/onions or /r/tor subreddit

Re: [tor-relays] tor hidden services & SSL EV certificate

2016-01-01 Thread Manager Bahia del Sol LLC
 There is alsoScallionhttps://github.com/lachesis/scallion and Eshalothttps://github.com/ReclaimYourPrivacy/eschalot The hardware facebook used to bruteforce their onion address must have been very impressive. Message: 2Date: Thu, 31 Dec 2015 10:33:19 -0900From: Jesse V To:

Re: [tor-relays] tor hidden services & SSL EV certificate

2016-01-01 Thread Josef Stautner
t; To: tor-relays@lists.torproject.org >> <mailto:tor-relays@lists.torproject.org> >> Subject: Re: [tor-relays] tor hidden services & SSL EV certificate >> Message-ID: <568582ff.40...@riseup.net >> <mailto:568582ff.40...@riseup.net>> >> Content-Typ

Re: [tor-relays] tor hidden services & SSL EV certificate

2015-12-31 Thread Benoit Chesneau
> On 30 Dec 2015, at 13:55, Paul Syverson wrote: > > On Tue, Dec 29, 2015 at 12:27:06PM -0900, Jesse V wrote: >> On 12/29/2015 11:18 AM, Aeris wrote: A few hidden services have added an HTTPS cert but I think that's mostly for a publicity stunt than

Re: [tor-relays] tor hidden services & SSL EV certificate

2015-12-30 Thread Paul Syverson
On Tue, Dec 29, 2015 at 12:27:06PM -0900, Jesse V wrote: > On 12/29/2015 11:18 AM, Aeris wrote: > >> A few hidden services have added an > >> HTTPS cert but I think that's mostly for a publicity stunt than anything > >> else. > > > > As indicated in the roger’s lecture, HTTPS is usefull for HS :

Re: [tor-relays] tor hidden services & SSL EV certificate

2015-12-29 Thread Mirimir
On 12/29/2015 01:16 PM, bernard wrote: > > On 29/12/2015 19:38, Jesse V wrote: >> A few hidden services have added an >> HTTPS cert but I think that's mostly for a publicity stunt than anything >> else. > > (I am not commenting on the technical necessity of a cert.) > > No, I think the point

Re: [tor-relays] tor hidden services & SSL EV certificate

2015-12-29 Thread Benoit Chesneau
> On 29 Dec 2015, at 21:05, Ivan Kwiatkowski wrote: > > Since you're at 32c3, you should get in touch with the EFF / Let's > Encrypt people to see if they have made plans for this issue. Ah I didn't think about that. I will then :) -

Re: [tor-relays] tor hidden services & SSL EV certificate

2015-12-29 Thread bernard
On 29/12/2015 20:55, Mirimir wrote: On 12/29/2015 01:16 PM, bernard wrote: The objective of it (from a users point of view) would be the tieing the identity of the *clear web* site and the *.onion site* together to give the user some trust that bigclearwebwebsite.onion is in fact the same

Re: [tor-relays] tor hidden services & SSL EV certificate

2015-12-29 Thread Jesse V
On 12/29/2015 10:25 AM, Benoit Chesneau wrote: > I was at the talk this afternoon at the 32c3 and get a certificate for a .onion. Any service to suggest? Also where I should > see to configure it correctly? > > - benoit > You don't need one. Hidden services automatically get end-to-end

Re: [tor-relays] tor hidden services & SSL EV certificate

2015-12-29 Thread bernard
On 29/12/2015 19:38, Jesse V wrote: A few hidden services have added an HTTPS cert but I think that's mostly for a publicity stunt than anything else. (I am not commenting on the technical necessity of a cert.) No, I think the point that was made at today's talk (and correct me if I got it

Re: [tor-relays] tor hidden services & SSL EV certificate

2015-12-29 Thread Jesse V
On 12/29/2015 11:18 AM, Aeris wrote: >> A few hidden services have added an >> HTTPS cert but I think that's mostly for a publicity stunt than anything >> else. > > As indicated in the roger’s lecture, HTTPS is usefull for HS : > - browsers handle more securely cookies or other stuff in

Re: [tor-relays] tor hidden services & SSL EV certificate

2015-12-29 Thread Aeris
> A few hidden services have added an > HTTPS cert but I think that's mostly for a publicity stunt than anything > else. As indicated in the roger’s lecture, HTTPS is usefull for HS : - browsers handle more securely cookies or other stuff in HTTPS mode, avoiding some possible leaks

Re: [tor-relays] tor hidden services & SSL EV certificate

2015-12-29 Thread Ivan Kwiatkowski
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I beg to differ. One of the very good points made in the talk was that by tying the "vanilla" DNS name of the website and its .onion address as alternate names, you can offer proof to your users that the .onion URL they entered is indeed the website

Re: [tor-relays] tor hidden services & SSL EV certificate

2015-12-29 Thread benoitc
> On 29 Dec 2015, at 21:18, Aeris wrote: > >> A few hidden services have added an >> HTTPS cert but I think that's mostly for a publicity stunt than anything >> else. > > As indicated in the roger’s lecture, HTTPS is usefull for HS : > - browsers handle more

Re: [tor-relays] tor hidden services & SSL EV certificate

2015-12-29 Thread Billy Humphreys
There should be a way to auth via letsencrypt.org, anonymously. To: tor-relays@lists.torproject.org From: kernelc...@riseup.net Date: Tue, 29 Dec 2015 12:27:06 -0900 Subject: Re: [tor-relays] tor hidden services & SSL EV certificate On 12/29/2015 11:18 AM, Aeris wrote: >> A few hidde

Re: [tor-relays] tor hidden services & SSL EV certificate

2015-12-29 Thread benoitc
> On 29 Dec 2015, at 21:05, Ivan Kwiatkowski wrote: > > > As for the original question, I think that you cannot get a DV > certificate for the .onion TLD at the moment. I assume that you could > go the FaceBook way and try your luck with Verisign or Digicert, but >