Open Bug 1250696 Opened 9 years ago Updated 2 years ago

.onion names contain their own validator, we should use that

Categories: Core :: Security: PSM, defect, P5

People: Reporter: huseby, Unassigned

Details: Whiteboard: [psm-backlog][tor]

Because .onion names are the hash of the 1024-bit RSA key for the Tor onion service, we could short-circuit the cert validation by checking the hash of the public key in the cert served by a web server onion service.

This would require the web server to use a self-signed cert that is signed by the RSA key for the Tor onion service. This will allow us to take the cert sent by the server, grab the public key, hash it and if that matches the .onion name, then we can treat it like a valid DV cert.
NOTE: the cert using the Tor RSA keypair may not be long enough to meet our other requirements for valid certs.
Summary: .onion names contain their own validator, we should us that → .onion names contain their own validator, we should use that
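The key-hash check described in the report, as an added stand-alone example (it is not code from Firefox, PSM or Tor): it builds the PKCS#1 RSAPublicKey DER structure that Tor hashes to form a v2 onion name, derives the 16-character address (first 80 bits of SHA-1, base32, lower-case), and compares it against the hostname the client connected to. The modulus below is a constructed stand-in rather than a real key, and all function names are the example's own.

```python
import base64
import hashlib


def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """DER INTEGER (tag 0x02) for a non-negative integer; a leading 0x00 is
    added when the top bit is set so the two's-complement sign stays positive."""
    if value < 0:
        raise ValueError("only non-negative integers are encoded here")
    body = value.to_bytes((value.bit_length() + 7) // 8, "big") or b"\x00"
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + der_length(len(body)) + body


def der_sequence(*items: bytes) -> bytes:
    """DER SEQUENCE (tag 0x30) wrapping already-encoded items."""
    body = b"".join(items)
    return b"\x30" + der_length(len(body)) + body


def rsa_public_key_der(n: int, e: int) -> bytes:
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }.
    For an RSA key this is also the subjectPublicKey BIT STRING payload of the
    SubjectPublicKeyInfo in an X.509 certificate, so it can be lifted from the
    served cert directly."""
    return der_sequence(der_integer(n), der_integer(e))


def onion_address_from_rsa(n: int, e: int) -> str:
    """Tor v2 onion label: first 80 bits of SHA-1 over the DER RSAPublicKey,
    base32-encoded and lower-cased (16 characters, no padding)."""
    digest = hashlib.sha1(rsa_public_key_der(n, e)).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()


def cert_key_matches_onion(hostname: str, n: int, e: int) -> bool:
    """The short-circuit proposed in the bug: does the RSA public key taken from
    the served cert hash to the .onion name the client asked for?
    Only the 16-character (v2) construction is handled; 56-character v3 names
    are built from an ed25519 key and are out of scope here."""
    host = hostname.lower().rstrip(".")
    if not host.endswith(".onion"):
        return False
    # Allow labels in front of the onion label (e.g. www.<onion>.onion).
    label = host[: -len(".onion")].split(".")[-1]
    if len(label) != 16:
        return False
    return label == onion_address_from_rsa(n, e)


# Constructed stand-in for a 1024-bit modulus; it is NOT a real RSA key, it
# only exercises the encoding and hashing path with a realistic size.
SAMPLE_N = (1 << 1023) | 0x10001
SAMPLE_E = 65537

if __name__ == "__main__":
    addr = onion_address_from_rsa(SAMPLE_N, SAMPLE_E)
    print("derived onion label:", addr)
    print("match for correct name:", cert_key_matches_onion(addr + ".onion", SAMPLE_N, SAMPLE_E))
    print("match for other key   :", cert_key_matches_onion(addr + ".onion", SAMPLE_N, 3))
```

The comparison is deliberately limited to what the name itself can vouch for: the 80-bit truncated SHA-1 identifies the key, nothing more. Lifetime, revocation and the other certificate requirements the NOTE in the report mentions still have to be checked separately, and a 1024-bit key with a truncated SHA-1 is the weakness the follow-up comment proposes to mitigate by letting the onion key sign a stronger TLS certificate instead of being the TLS key itself.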
I think the correct way here is to allow Firefox to recognize trust roots that are validated by the .onion.  That way a web site can generate a more modern, stronger TLS cert that is signed by a self-signed root cert with the .onion key in it.  This should mitigate the relative weakness of the keypair and hashing algorithms used by tor nodes.
This might also somewhat mitigate the problem outlined here: https://blog.cloudflare.com/the-trouble-with-tor/ in the section labeled "Long Term Solutions"
We wouldn't have to wait for the CA/B Forum to change the rules about adding .onion addresses to DV certs.
I'm not entirely sold on this. This would require a fair amount of effort to implement on top of taking particular care to ensure that this can't be abused in non-TOR contexts.
Whiteboard: [psm-backlog]
Whiteboard: [psm-backlog] → [psm-backlog][tor]
Priority: -- → P5
Severity: normal → S3