[cabfpub] Ballot 144 -.onion domains

Tom Ritter tom at ritter.vg
Fri Feb 13 19:38:28 UTC 2015

On 13 February 2015 at 13:25, kirk_hall at trendmicro.com
<kirk_hall at trendmicro.com> wrote:
> Maybe you're right on that point, Gerv.
> One other question:   Does Tor do revocation checking for .onion certs?  I'm guessing not for privacy reasons...  I know some browsers have given up some revocation checking (a mistake in my opinion), but if we know an application never checks for revocation as a matter of policy, that would concern me.  There would be no way to remove a bad cert (used for fraud or abuse, or misissued to the wrong party) from the Tor system, even if the CA revokes it.

I do not believe that Tor Browser edits Firefox's configuration for

I expected to see something here:
- but the absence and other bug reports I've seen make me believe it's
left as the default.


More information about the Public mailing list