It appears that someone has been issued a facebookcorewwwi.onion cert from another CA as .onion has no way of verifying a collision. https://news.ycombinator.com/item?id=8538527
On Fri, Oct 31, 2014 at 12:12 PM, Andreas Krey <[email protected]> wrote: > On Fri, 31 Oct 2014 16:49:38 +0000, AFO-Admin wrote: > ... >> Hi, >> i really think that this is a good thing, because i think this hidden >> service will get a lot attention in countries where Facebook is >> blocked. > > In blocking countries you'll use Tor whether you to the .com > or the .onion domain. The way around the block is tor, not the > hidden service. > > The hidden service add a protection layer to the traffic from > the tor network to facebook, but they are using SSL anyway. > > And it remains to be seen what they do with static assets > that are loaded from different domains - but actually it wouldn't > matter when those are not going through the hidden service. > > Andreas > > -- > "Totally trivial. Famous last words." > From: Linus Torvalds <torvalds@*.org> > Date: Fri, 22 Jan 2010 07:29:21 -0800 > -- > tor-talk mailing list - [email protected] > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
