Draft RFC – ACME Extensions for ".onion" domains (ietf.org)
2 points by keepamovin 4 months ago | hide | past | favorite | 6 comments



This was interesting:

   An "onion-csr-01" MUST NOT be used to issue certificates for non
   ".onion" Special-Use Domain Names.

   Clients prove control over the key associated with the ".onion"
   service by generating a CSR [RFC2986] with the following additional
   extension attributes and signing it with the private key of the
   ".onion" Special-Use Domain Name:

   *  A caSigningNonce attribute containing the nonce provided in the
      challenge.  This MUST be raw bytes, and not the base64 encoded
      value provided in the challenge object.

   *  An applicantSigningNonce containing a nonce generated by the
      client.  This MUST have at least 64 bits of entropy.  This MUST be
      raw bytes.
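
The two CSR attributes in the excerpt above, as an added example that is not part of the original thread or of the draft: a client-side builder and a CA-side check for the two MUSTs (the CA nonce as raw bytes rather than the base64 text from the challenge object, and at least 64 bits in the applicant nonce). Assumptions: the attribute OIDs are the CA/Browser Forum ones (2.23.140.41 and 2.23.140.42) as I recall them, not quoted on the page; the attributes are modelled as a dict of OID to DER OCTET STRING instead of a full CSR, and signing with the ".onion" key is not shown.

```python
import base64
import os

# Attribute OIDs from the CA/Browser Forum arc (assumed here; the excerpt only names the attributes).
OID_CA_SIGNING_NONCE = "2.23.140.41"
OID_APPLICANT_SIGNING_NONCE = "2.23.140.42"
MIN_APPLICANT_NONCE_BYTES = 8  # "at least 64 bits of entropy"

def b64url_decode(text: str) -> bytes:
    """Decode the unpadded base64url nonce string carried in the ACME challenge object."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def der_octet_string(raw: bytes) -> bytes:
    """DER OCTET STRING (tag 0x04); short-form length only, enough for nonces under 128 bytes."""
    if len(raw) >= 0x80:
        raise ValueError("long-form DER length not handled here")
    return b"\x04" + bytes([len(raw)]) + raw

def der_octet_string_value(der: bytes) -> bytes:
    """Inverse of der_octet_string; rejects anything that is not a well-formed short OCTET STRING."""
    if len(der) < 2 or der[0] != 0x04 or der[1] >= 0x80 or len(der) != 2 + der[1]:
        raise ValueError("malformed OCTET STRING")
    return der[2:]

def build_nonce_attributes(challenge_nonce_b64: str, applicant_nonce: bytes = None) -> dict:
    """Client side: the two attribute values to place in the CSR, both holding raw bytes."""
    if applicant_nonce is None:
        applicant_nonce = os.urandom(MIN_APPLICANT_NONCE_BYTES)
    return {
        OID_CA_SIGNING_NONCE: der_octet_string(b64url_decode(challenge_nonce_b64)),
        OID_APPLICANT_SIGNING_NONCE: der_octet_string(applicant_nonce),
    }

def check_nonce_attributes(attrs: dict, challenge_nonce_b64: str) -> list:
    """CA side: list each MUST from the excerpt that the CSR attributes violate (empty list = OK)."""
    problems = []
    ca = attrs.get(OID_CA_SIGNING_NONCE)
    if ca is None:
        problems.append("caSigningNonce missing")
    elif der_octet_string_value(ca) == challenge_nonce_b64.encode():
        problems.append("caSigningNonce carries the base64 text, not the raw nonce bytes")
    elif der_octet_string_value(ca) != b64url_decode(challenge_nonce_b64):
        problems.append("caSigningNonce does not match the challenge nonce")
    app = attrs.get(OID_APPLICANT_SIGNING_NONCE)
    if app is None:
        problems.append("applicantSigningNonce missing")
    elif len(der_octet_string_value(app)) < MIN_APPLICANT_NONCE_BYTES:
        problems.append("applicantSigningNonce is shorter than 64 bits")
    return problems
```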


Why do .onion domain names need certificates, if Tor already enforces that only the party with the corresponding private key can see traffic to them?


I think the main reason is it allows for easier access to Tor hidden sites with a “regular” web browser. Consider a wifi network that exposed .onion domains via normal DNS, or a VPN, or other similar mechanisms. It’s not as good as Tor browser, but may be a lot more accessible.


The last hop off the relay is unencrypted breaking the security model.

Also, some browser features only work on HTTPS sites.


> The last hop off the relay is unencrypted breaking the security model.

Isn't that only true of using Tor to access regular websites, not hidden services?


Yes, thank you, I think I had the wrong idea, I probably didn’t know. I looked it up and: so long as the Tor service and the web server are on the same machine, and operated by the same people, I think that’s true. But they don’t need to be on the same machine, or managed by the same person.

Some more info: https://community.torproject.org/onion-services/advanced/htt...



