On 2017-08-09 16:53, Seth David Schoen wrote:

Notably, it doesn't apply to certificate authorities that only issue DV 
certificates, because nobody at the time found a consensus about how to 
validate control over these domain names.

I don't completely understand this, since outside the Tor world it's possible to acquire DV certificates using verification performed on unencrypted (HTTP) channels.

Wouldn't the same be possible for a .onion, simply requiring that the verification service act as a Tor client? This would be at least as good, given that Tor adds a bit of encryption.

tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to

Reply via email to