

TLS over Tor - iancarroll
https://blog.ian.sh/2014/10/31/tls-over-tor/

======
huslage
This is sort of obvious. Facebook's key is signed by a well-known CA. Anyone
can make a cert for anything, but that doesn't mean that browsers will
recognize it as being "valid".

The author fails to mention how this any more "broken" than TLS on anything
else.

~~~
iancarroll
This is a valid certificate issued by GlobalSign, parse it yourself (the link
is in the post)

(well, now revoked, but still...)

