I’m not great with C, but I

Let me present another argument against “normal” certificates for onion domains. The thing is that they come with an OCSP responder address. Hence, the browser is going to go and contact that responder, probably deanonymizing you. What Facebook needs to do is to get the OCSP response stapled – without it, the situation is even worse than unencrypted HTTP.

No, it’s not going to on some

No, it won’t on some browsers. Arguably it is a browser bug, but still, stapling the OCSP response will make the bug harmless.

Tor Browser needs

Tor Browser should have disabled OCSP long ago; it’s worse than useless since it needs to FAIL OPEN since plenty of responders were unreliable. noisebridge /OCSP

What about altering the Tor

What about modifying the Tor Browser, so that although all traffic is actually sent through plain HTTP over Tor for .onion, the browser displays it, with the padlock, so that people feel assured it’s encrypted properly. Maybe even treat it as HTTPS with regard to mixed content and referer and such, while still not actually being it.

That will avoid the overhead of running both Tor’s and HTTPS’s encryption/end-to-end authentication, and steer clear of implementing the commercial CA product, while still avoiding confusion among users.

Really should not be done in that

Shouldn’t be done like that. Much better to create a different padlock shown for content that is accessed securely via a hidden service. And teach users about this.

For naming difficulties, I

A) rebrand “location-hidden services” and the .onion pseudo-TLD to “tor solution” and .tor (while maintaining backward compatibility with .onion) (*)

(*) there will likely be a big “don’t brand products” discussion, which is mainly based on the idea of “ownership”. The community who contribute to the code own the code, but it is copylefted with a very permissive license (hence forkable), and the community ownership is distributed amongst those who contribute to it (relays, bridges, web directories etc.). So, I see the branding/ownership argument as bad.

Finally, I do believe that it’s *excellent* that Facebook has added a .onion address. I completely disagree with their business model, and don’t use what they are selling, but their addition to the Tor system will add to the authenticity of the community in the eyes of the poorly informed, and could improve the degree of that community.

Actually one discussion in benefit

Isn’t one argument in support of using HTTPS for hidden services that it enables authentication of users through client certificates? (Clearly, this is not an argument that’s relevant to the Facebook case.)

“they have some important factors

“Then they had some keys whose name started with “facebook”, and they looked at the second half of each to pick out the ones with pronounceable and therefore memorable syllables. The “corewwwi” one looked best to them.”

I find that hard to believe. How many combinations did they have to go through to get corewwwi? It must have been millions, billions, or more?

I don’t buy it either. More likely a large company like Facebook wants an easy-to-remember address and has the means for it.

I am not great with C, but I would like to help with the designs for the new onion services. What would be the best way to help?

Comments on parts

There is one other reason for wanting to have HTTPS to an onion address: assurance that no other .onion site is proxying/MITMing the service’s data flow, by showing that the .onion address has a key actually held (or perhaps licensed) by the one who owns the site.
