On 2015-01-04 02:37, Peter Tonoli wrote:
> EV certificates don't fix any problem. The validation of a 'legal
> entity' is purely due to an agreed policy. A rogue, compromised, or
> alternate CA could release certificates with EV fields that don't
> 'rigorously' validate the organisation that applies for the certificate.

I am assuming here that users trust CAs - I think a fair assumption for practical purposes since this is the foundation of the current open-internet system. Fixing the problem in a general way is a much more ambitious goal than just extending this assurance to Tor.

> Which contradicts with the point of hidden services in the first place,
> that neither party knows the other's identity [1].
>
> [1] https://www.torproject.org/docs/hidden-services.html.en

Yet organizations like Facebook, DuckDuckGo, and others that do not intend to remain anonymous operate hidden services. Clearly there are use cases where anonymity is not a requirement and is even undesirable. These are probably a minority, I agree, making this a small issue in the grand scheme of things. Just one I thought worth explaining since SSL came up.

jc

--
Jesse B. Crawford
Student, Information Technology
New Mexico Inst. of Mining & Technology
https://jbcrawford.us // je...@jbcrawford.us
https://cs.nmt.edu/~jcrawford // jcrawf...@cs.nmt.edu