On 12/29/2015 11:18 AM, Aeris wrote:
>> A few hidden services have added an
>> HTTPS cert but I think that's more for a publicity stunt than anything
>> else.
> 
> As indicated in Roger's lecture, HTTPS is useful for HS:
>       - browsers handle cookies or other stuff more securely in HTTPS mode, 
> avoiding some possible leaks
>       - because anybody can create an HS and proxify any content, X.509 certs 
> allow users to verify the authenticity of the HS (you are on the official 
> Facebook HS if you have a cert with facebook.com *AND* facebookcorewwwi.onion 
> inside)
> 

I've downloaded the .webm of Roger's lecture but haven't had the time
today to listen to it. My point was that HSs already have an
authentication mechanism and it's assumed that you can verify the
address through some trusted out-of-band method, so in that case you
don't need an SSL cert. This can sometimes be superior to trusting the
centralized CA model, but I agree that the points you've listed are
useful applications as well.

-- 
Jesse V


_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
