[cabfpub] Ballot 144 - Validation rules for .onion names

Tom Ritter tom at ritter.vg
Tue Feb 17 15:13:30 UTC 2015

On 17 February 2015 at 07:56, 陳立群 <realsky at cht.com.tw> wrote:
> Chunghwa Telecom Co., Ltd.  vote “No” not because we object supporting
> .onion names but because we think that a method suggested in the Appendix F
> for verifying the Applicant’s control over the .onion Domain Name has
> security problem. In the Appendix F, the method 2.b says 'The CA MAY verify
> the Applicant 's control over the .onion service by having the Applicant
> provide a Certificate Request signed using the .onion public key …'. What we
> concerns is that if the .onion private key used to sign the PKCS#10  SSL
> Certificate Request is not the same one as the SSL server 's private key, it
> will cause security problem. For security reason, PKCS#10 Certificate
> Request need to be signed by the private key corresponding to the public key
> contained in the CertificationRequestInfo. Please refer to Note 2 of section
> 3 of RFC 2986 (the PKCS#10 standard), where it explains the security
> concern. Note 2 of section 3 of RFC 2986 is extracted as below:

Hi Li-Chun CHEN,

It was always my understanding that this CSR (signed by the onion key)
was in ADDITION to the CSR signed with the SSL private key, not in
place of. I guess the text does not bear this out clearly, apologies.

Otherwise, yes I agree that would be a problem. (The applicant could
get a certificate for a .onion address they control but a SSL private
key they do not. Doesn't really introduce a security vulnerability for
anyone but themselves, but clearly not correct issuance.)


More information about the Public mailing list