[cabfpub] FW: FW: FW: [cabfquest] Ballot 114 - Security concerns on verifying "ownership" of .onion domain names

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Mon Mar 2 02:27:03 UTC 2015

Adrien’s further response to my scenario.  Thanks, Adrien – very helpful.

From: Adrien Johnson [mailto:adrienj at adrienj.com]
Sent: Sunday, March 01, 2015 6:23 PM
To: Kirk Hall (RD-US)
Subject: Re: FW: [cabfpub] FW: [cabfquest] Ballot 114 - Security concerns on verifying "ownership" of .onion domain names

Hi Kirk,

Yes, this is a scenario that could happen if the hidden service was using the current 1024-bit RSA key sizes for its .onion domain or had its key material compromised some other way. There's not much value to a DV .onion cert, since being able to talk to a .onion service already serves as proof to any visitor that the service you're talking to has the private key for that service and controls the .onion domain. If EV certificates were required, you should at least be able to tell at a glance if the SSL certificates you receive on separate visits to the same .onion domain were issued to different organizations.

And yes, the issue of "ownership" and "control" is difficult for .onion domains. There's no meaningful distinction between owning a .onion domain, controlling a .onion domain, or brute-forcing/stealing the private key of a .onion domain.

Adrien Johnson

On 2015-03-01 8:34 PM, kirk_hall at trendmicro.com wrote:
Related to this – if multiple site owners can get a cert for the same .onion domain – whether abc123.onion or facebookwwwcore1.onion – and if Tor sometimes sends a user to the Real site, and sometimes to the Fake site with the same domain, couldn’t the following happen?

1.  NSA or North Korea uses brute force to get key pair that resolves to the target .onion domain (remember, you can see the Facebook .onion domain in the SANs field of the cert that secures https://www.facebook.com, so the targets are known).

2.  Spy agency sets up fake Facebook page (with Login section to collect user credentials) on Tor / .onion.

3.  Spy agency gets DV cert for its .onion domain using the permitted method (remember, no identity authentication for DV).  OR maybe gets an OV or EV cert from a CA with extra effort.

4.  Spy agency secures .onion sign-in page with cert.  Users type in facebookwwwcore1.onion and on some occasions are taken to the real Facebook site, at other times to the spy agency site.  Browsers show https and the encryption padlock.

Could this happen?  CAs are required to show a domain owner either “owns” a domain (WhoIs, not possible for .onion), or “controls” the domain (and multiple parties can show that for a .onion domain because Tor does not impose controls to make the domain unique to one site owner).  Unfortunately, the Forum tossed out the “own or control” requirement for .onion domains.
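An added example, not part of Adrien's or Kirk's messages, showing how a (then-current, v2) .onion name is derived from the service's RSA public key under the Tor v2 rendezvous scheme: the name is the base32 encoding of the first 80 bits of SHA-1 over the DER-encoded PKCS#1 RSAPublicKey, so the name is a fingerprint of the key and reaching the service already proves possession of it, which is Adrien's point. The modulus below is a constructed toy value, not a real key, and `expected_tries_for_prefix` is only a cost estimate for the brute-force step Kirk's scenario assumes.

```python
# Added example: derive a v2 .onion name from an RSA public key (n, e).
# The DER encoder here is minimal and only covers what RSAPublicKey needs.
import base64
import hashlib


def der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_int(value: int) -> bytes:
    """DER INTEGER: tag 0x02, length, big-endian two's-complement value."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:          # leading zero keeps the value positive
        body = b"\x00" + body
    return b"\x02" + der_len(len(body)) + body


def rsa_public_key_der(n: int, e: int) -> bytes:
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    inner = der_int(n) + der_int(e)
    return b"\x30" + der_len(len(inner)) + inner


def onion_v2_address(n: int, e: int) -> str:
    """First 80 bits of SHA-1 over the DER key, base32, lower case: 16 characters."""
    digest = hashlib.sha1(rsa_public_key_der(n, e)).digest()[:10]
    return base64.b32encode(digest).decode("ascii").lower()


def expected_tries_for_prefix(prefix_len: int) -> int:
    """Average keys to generate before one hashes to a chosen base32 prefix."""
    return 2 ** (5 * prefix_len)        # each base32 character carries 5 bits


if __name__ == "__main__":
    # Constructed toy modulus (not a real 1024-bit key); the derivation is identical.
    n = (2 ** 127 - 1) * (2 ** 89 - 1)
    print(onion_v2_address(n, 65537) + ".onion")
    print("tries for a full 16-character match:", expected_tries_for_prefix(16))
```

Two different keys yield two different names except by an 80-bit hash collision, which is why a second party "controlling" the same .onion name means that party holds (or found) a key with the same fingerprint.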
