[cabfpub] .onion proposal

Ryan Sleevi sleevi at google.com
Wed Nov 19 20:44:44 UTC 2014

On Wed, Nov 19, 2014 at 12:36 PM, Jeremy Rowley <jeremy.rowley at digicert.com>

> How do you address this concern other than by modifying the way the onion
> names are assigned? I guess either not permit conflicting services by only
> routing to the service with the oldest identified service (instead of
> evicting the old service) or having Tor move to a SHA-2 hash.  I know Tor
> is looking at the issue and will likely have more insight they can share.
> While a solution is in flux, the Forum should still have validation rules
> in place for onion that last until 2016 (the revocation date of all
> internal names) so that current certs undergo a set process for issuance
> rather than issue as internal names.
> Jeremy

You mean 1 November 2015. That's been the date that no BR-conforming CA is
allowed to set the expiration date past. (9.2.1 of BR 1.2.2)

PROPOSAL: Effective immediately, CAs MUST NOT issue certificates for the
.onion TLD and MUST revoke all certificates issued for the .onion TLD.

Then we work out a proposal to set up rules for validating .onion names,
which may or may not be blocked on Tor work at the protocol or browser
level, and also work - with the broader Tor community - to see if there are
any interim steps that can be accepted.

> -----Original Message-----
> From: Brian Smith [mailto:brian at briansmith.org]
> Sent: Wednesday, November 19, 2014 1:26 PM
> To: Gervase Markham
> Cc: Jeremy Rowley; public at cabforum.org
> Subject: Re: [cabfpub] .onion proposal
> Gervase Markham <gerv at mozilla.org> wrote:
> > I'm in support of this in principle. There are two issues with 'normal'
> > internal server names:
> >
> > 1) It's not possible to prove exclusive ownership of them (because they
> >    aren't exclusively owned);
> <snip>
> > For .onion names, problem 1) does not apply.
> That is only true assuming you can rely on the second-preimage resistance
> of truncated SHA-1, like Ryan pointed out. I think his point is that the
> second-preimage resistance of truncated SHA-1 is not strong enough to make
> claims like this. (Ryan: Sorry if I'm misunderstanding you. Corrections
> appreciated.) I think that concern should be addressed. This is one reason
> I suggested limiting the maximum lifetime of .onion certificates.
> Cheers,
> Brian
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
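The thread above turns on how a .onion name is bound to a key: the name is a truncated SHA-1 hash, so "proving ownership" of the name means proving possession of a key that hashes to it, and the strength of that binding is the second-preimage resistance of an 80-bit truncation. The following is an added example, not code from this thread, from DigiCert, Google or the Tor project. It assumes the Tor v2 construction in force at the time of the thread: the first 80 bits of SHA-1 over the DER-encoded PKCS#1 RSAPublicKey, base32-encoded in lower case, optionally followed by ".onion". The DER encoder is hand-rolled to keep the script dependency-free, and the RSA modulus used in the demonstration is a constructed placeholder, not a real key.

```python
"""
Derive a Tor v2 .onion name from an RSA public key and check a claimed name.

Added example (not from the cabforum thread or the Tor code base). Assumed
construction: onion label = lower(base32(SHA-1(DER(RSAPublicKey))[:10])),
i.e. only 80 of SHA-1's 160 bits survive, so a second preimage for the
name costs about 2**80 hash evaluations against an ideal hash.
"""
import base64
import hashlib

BASE32_ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"


def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """DER INTEGER (tag 0x02) for a non-negative integer. A leading zero
    byte is inserted when the top bit is set so the value is not read as
    negative (this matters for every real RSA modulus)."""
    if value < 0:
        raise ValueError("only non-negative integers are encoded here")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + der_length(len(body)) + body


def der_rsa_public_key(modulus: int, exponent: int) -> bytes:
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }.
    This is the structure Tor hashes, not a SubjectPublicKeyInfo."""
    body = der_integer(modulus) + der_integer(exponent)
    return b"\x30" + der_length(len(body)) + body


def onion_v2_address(modulus: int, exponent: int) -> str:
    """The name is a truncated hash: 10 of the 20 SHA-1 digest bytes,
    base32-encoded (16 characters, no padding), lower-cased."""
    digest = hashlib.sha1(der_rsa_public_key(modulus, exponent)).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()


def key_matches_onion(modulus: int, exponent: int, claimed: str) -> bool:
    """Validator-side check: does the presented key actually hash to the
    name being claimed? Accepts the bare label or label + '.onion', in any
    case; rejects anything that is not a 16-character base32 label."""
    label = claimed.strip().lower()
    if label.endswith(".onion"):
        label = label[: -len(".onion")]
    if len(label) != 16 or any(c not in BASE32_ALPHABET for c in label):
        return False
    return onion_v2_address(modulus, exponent) == label


# Constructed demo key: a 1024-bit number with the top bit set, so the
# leading-zero rule in der_integer is exercised. It is NOT a real RSA
# modulus (not a product of two primes); only the hashing path matters here.
DEMO_MODULUS = (1 << 1023) + 12345
DEMO_EXPONENT = 65537

if __name__ == "__main__":
    addr = onion_v2_address(DEMO_MODULUS, DEMO_EXPONENT)
    print("derived name:", addr + ".onion")
    print("key matches claimed name:",
          key_matches_onion(DEMO_MODULUS, DEMO_EXPONENT, addr + ".onion"))
    print("different key matches same name:",
          key_matches_onion(DEMO_MODULUS + 2, DEMO_EXPONENT, addr + ".onion"))
```

The point the check makes concrete: a CA that wants to validate a .onion name has nothing to look up; all it can do is confirm the applicant holds a key whose truncated SHA-1 equals the label. Whether that proves exclusive ownership is exactly the 80-bit second-preimage question Brian raises, which is why the hash width, not the CA's procedure, bounds the strength of the claim.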