Hacker News new | past | comments | ask | show | jobs | submit login

Yes. I submitted a request for one just now, actually. Hopefully the CA doesn't flag it for containing Facebook.



Just had it issued. Probably going to write a blog post now.


Did you get it from DigiCert? Or from another CA?


GlobalSign.

edit: They've revoked the cert. :(


But does TBB check for revocations? I bet the answer is no because otherwise it'd be sending the sites you visit to CA's via OCSP and Tor would never want that. So I think you still win.


You could still get a full revocation list (via Tor or not). In fact using OCSP over Tor should be safe? FB sees some-exit-node, sends you a cert, CA sees some-other-or-same-but-not-provably-you requesting status of FBs cert. Unless FB sent you a specially craftet, session-spesific cert, CA would only see that "someone" checked the status of FBs cert. And with no immediate link between "you" and "someone"? Much as DNS over Tor is safe (but DNS over udp isn't)?




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: