[cabfpub] DV issuance for next-generation onion services
fotisl at ssl.com
Sun Nov 5 14:53:04 UTC 2017
On 03/11/2017 07:08 μμ, Seth David Schoen via Public wrote:
> Peter Bowen writes:
>> I’m honestly not a big fan of being limited to these three methods — they all are methods which have be completed by someone with access to the “backend” server but not necessarily the onion proxy. What options might exist for validation that are closer to the DNS validation method for Internet names? How could a CA confirm that they onion name “owner” has approved the request?
> You're right that none of these methods could be completed by someone
> with access to the onion proxy alone. I think the closest analogy would
> indeed call for a new onion-specific method, which would probably
> involve signing a challenge with the onion key or with a key signed by
> the onion key.
I think that we should start with one basic question, what does DV
validation mean? Does it mean that the applicant is the owner of the
domain name or does it mean that the applicant is in control of the web
server serving the content?
In the classic WebPKI case, this is the same thing. However, in the tor
case this is different. For example, putting "HiddenServicePort 80
www.google.com:80" in my tor config doesn't make me owner of google's
Trying to decipher the meaning, I checked appendix F of the EV SSL
guidelines where it states:
The CA MUST verify the Applicant’s control over the .onion Domain Name
using one of the following:
a. The CA MAY verify the Applicant’s control over the .onion service by
posting a specific value at a well-known URL under RFC5785.
b. The CA MAY verify the Applicant’s control over the .onion service by
having the Applicant provide a Certificate Request signed using the
.onion public key if the Attributes section of the
I am pretty confident that the former proves the applicant has control
over the web server serving the content while b proves that the
applicant is the owner of the onion name.
I propose that before continuing the discussion on DV issuance for NG
onion services (which I fully support), we should decide what DV
validation actually means, and also correct the EV SSL guidelines.
My best guess is that DV (= Domain Validation) means that the applicant
is the owner of the domain name. I also consider this the correct and
needed interpretation since TLS provides confidentiality and integrity
over a connection between two endpoints. In the tor case, this means
that the connection between the user and the proxy is encrypted. The
user doesn't have any way of knowing if the connection between the proxy
and the web server is encrypted. Thus any information in the subject
should be related to the proxy and not to the webserver.
Fotis Loukos, PhD
Director of Security Architecture
e: fotisl at ssl.com
More information about the Public