On Thu, Dec 4, 2014 at 4:55 AM, Runa A. Sandvik <[email protected]> wrote: > > Can you elaborate on why Blockchain wanted an SSL certificate on its > .onion site? >
A few reasons: 1. When they announced the first hidden site on Saturday which was plain HTTP[0] there was a clone up within an hour and despite the official blockchain twitter and reddit accounts linking to the onion others spammed the clone link(s) which lead users asking to what is real/not[1] 2. User expectation - thinking a "legitimate" hidden service should have a signed and valid certificate [2] 3. The users who were MITM'd on exit nodes weren't noticing they were being ssl stripped, so the chances of getting them into a usage pattern of checking a 16 character onion address felt slim - especially when clones can match the first 10 characters and there is no browser failure mode for not checking the address 4. To defend against the attack type where an attacker creates a clone onion with close-enough matching address and then MITM exit nodes where they s/<legitimate hostname>/<clone hostname> in all pages the user visits. enforced HTTPS everywhere, including onion sites, solves a lot of problems and keeps user advice consistent. HTTPS and signed certificates doesn't have to mean paying a CA - i'd like to see TB distribute a root for a voluntary onion-oriented CA. [0] http://blockchatvqztbll.onion [1] http://www.reddit.com/r/Bitcoin/comments/2npw4p/blockchaininfo_has_an_onion_url_now_or_is_this_a/cmfry83 (spam link deleted and removed by mods) [2] https://twitter.com/sylvandb/status/538724877344468992 -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
