"That said multiple layers of crypto cannot hurt, Facebook for example uses this approach."
The first part is not strictly true. For the second part, FB uses an identity-verified EV cert from a known CA to let their users confirm their identity, not for increased encryption. Creating an onion service is essentially creating a self-signed cert, so no, I'd say not worth the effort to do it again at the HTTP level.

Chad

On Fri, Dec 28, 2018 at 11:17 AM Nathaniel Suchy <m...@lunorian.is> wrote:
>
> Hi everyone,
>
> So I have an idea which may or may not be a possibility. Currently Tor Onion
> Services do not need HTTPS since they are already end to end encrypted. That
> said multiple layers of crypto cannot hurt, Facebook for example uses this
> approach. So I have the idea of some sort of mechanism that lets you sign a
> self-signed tls certificate with your Onion Service's hs_ed25519_secret_key
> and Tor Browser trusting the tls certificate based on this signature. Would
> this approach work? Would it be worth the effort? Look forward to hearing
> your thoughts :)
>
> Cordially,
> Nathaniel Suchy
> _______________________________________________
> tor-dev mailing list
> tor-dev@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
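A sketch of the mechanism proposed in the quoted message, as an added example that is not from either poster or from the Tor Project: an Ed25519 identity key signs the SHA-256 fingerprint of a self-signed certificate, and the client checks that signature before trusting the certificate. Assumptions: the label `onion-tls-binding-v1:`, the function names and the host `example.onion` are hypothetical, and a freshly generated key stands in for the onion identity key, because `hs_ed25519_secret_key` stores an expanded secret key rather than a seed that Go's `crypto/ed25519` can load.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// selfSignedCert returns the DER of a throwaway self-signed TLS certificate.
func selfSignedCert(host string) ([]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	return x509.CreateCertificate(rand.Reader, t, t, pub, priv)
}

// bindingMessage prefixes the certificate's SHA-256 with a hypothetical label.
func bindingMessage(certDER []byte) []byte {
	fp := sha256.Sum256(certDER)
	return append([]byte("onion-tls-binding-v1:"), fp[:]...)
}

// SignBinding is run once by the operator, using the onion identity key.
func SignBinding(identity ed25519.PrivateKey, certDER []byte) []byte {
	return ed25519.Sign(identity, bindingMessage(certDER))
}

// VerifyBinding is the client check against the key encoded in the .onion address.
func VerifyBinding(onionPub ed25519.PublicKey, certDER, sig []byte) bool {
	return ed25519.Verify(onionPub, bindingMessage(certDER), sig)
}

func Demo() (genuine, substituted bool, err error) {
	pub, identity, err := ed25519.GenerateKey(rand.Reader) // stand-in identity key
	certA, errA := selfSignedCert("example.onion")
	certB, errB := selfSignedCert("example.onion") // constructed substitute cert
	if err != nil || errA != nil || errB != nil {
		return false, false, fmt.Errorf("setup: %v %v %v", err, errA, errB)
	}
	sig := SignBinding(identity, certA)
	return VerifyBinding(pub, certA, sig), VerifyBinding(pub, certB, sig), nil
}

func main() { fmt.Println(Demo()) }
```

The signature only ties the certificate to the same key that already authenticates the onion address, so it adds no identity assurance beyond what the address itself provides.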