(2) What reasons do people have for wanting certificates that cover
onion names? I think I know of at least three or four reasons, but I'm
interested in creating a list that's as thorough as possible.
Six to start with:
- not having to rewrite CMS code which assumes HTTPS, eg for secure
cookies; the Onion acts as a straight deployment on a new domain name
- corollary: not having to lobby browser manufacturers to pollute their
code to understand that http under this magical "onion" TLD is somehow
almost but not entirely treatable like https.
- access to secure-locked protocols like WebRTC
- protection of traffic for the link between Tor daemon (basically a
reverse-proxy) and the site load-balancer fanout in enterprise deployment
- user expectation for padlocks, consistency rather than special-snowflake
- EV: attestation.
tor-talk mailing list - firstname.lastname@example.org
To unsubscribe or change other settings go to