Silk Road forums

Discussion => Newbie discussion => Topic started by: AirshipAdmiral on July 22, 2013, 03:39 pm

Title: TLS Certificate Authority over Tor
Post by: AirshipAdmiral on July 22, 2013, 03:39 pm
The biggest problem with using TLS/SSL over Tor is that TLS/SSL is designed for using Certificate Authorities (CAs) to verify identity, as opposed to using OpenPGP (i.e. GPG2 or similar) web of trust to verify server authenticity.

I've never heard of a Tor CA, but I don't see why such a beast is technically impossible.

From what I understand, CAs CAN be hosted over Tor in the same way Tormail works (cheap disposable proxies) or for that matter, Onion.TO (gateway into Tor, only in this case for a single site, the CA).

The problem with this is that CAs, even when hosted over Tor, are still a centralized entity, and if the CA were ever raided and/or compromised, would compromise every single website and service that relied on it, and may even be subject to forged certificates to redirect user traffic to a fake site as a result of ICE domain seizure or a sting operation.

I do not like Certificate Authorities, but they may be helpful to provide HTTPS or other SSL/TLS validity when certain protocols, such as email, web, IRC, XMPP and others expect valid signed TLS/SSL certificates, and throw exceptions upon encountering non-SSL connections or ports, or self-signed certificates. Some protocols don't make it easy to manually override rejections of self-signed SSL certs.

What do you guys think about an SSL cert signing service over a Tor hidden service?

I believe it's technically possible, but do you think anyone would want it?
Title: Re: TLS Certificate Authority over Tor
Post by: zcabw58 on July 22, 2013, 03:52 pm
I think there would be a trust deficit in the CA, so would never take off in the first place
Title: Re: TLS Certificate Authority over Tor
Post by: AirshipAdmiral on July 22, 2013, 04:16 pm
I think there would be a trust deficit in the CA, so would never take off in the first place

Fair enough.

However, it may be possible to successfully launch it under certain conditions, such as with transparent and honest collaboration with widely respected long-time onionland residents, such as the admins of popular sites, for example, DPR of Silk Road.

If the admins were willing to work with such a CA for certain reasons, such as the CA essentially being run as a clandestine mutualist (not-for-profit cooperative) libertarian agorism, where they are honest with the established and respected server admins and onionland community members, carefully building up a reputation for honesty and responsibility, and closely collaborating with respected community members and server admins, and possibly bitcoin and tor core developers (albeit by way of tormail and torchat), it might be possible to get launched.

People trust Silk Road and OnionNet IRC, so why not a CA?

It's possible, even if unlikely.

Such a TorCA may be useful for SRTP (secure realtime protocol, used for encrypted voip, such as SIP media encryption) and S/MIME, a much easier form of email encryption, that does not require complex manual cert verification, as used with OpenPGP (OpenPGP/MIME) email encryption. S/MIME and SRTP is used for many things, but both rely upon CAs for their security model to work.

A TorCA can help minimize the inherent risks involved with clearnet (regulated and government-controlled) CAs such as Comodo and Verisign, even if it doesn't eliminate them completely.
Title: Re: TLS Certificate Authority over Tor
Post by: zcabw58 on July 22, 2013, 04:24 pm
I'm intrigued, it could work. Could even lead to a community of trusted anonymous devs on an open source model; assuming one doesn't exist, being a newbie haven't explored TOR much yet but find it interesting.

If this does take off I don't mind contributing some dev time, is there a tor based GIT?