Luke-Jr [ARCHIVE] on Nostr: 📅 Original date posted:2013-10-26 📝 Original message:On Saturday, October 26, ...
📅 Original date posted:2013-10-26
📝 Original message:On Saturday, October 26, 2013 3:31:05 AM Gregory Maxwell wrote:
> One limitation of the payment protocol as speced is that there is no
> way for a hidden service site to make use of its full authentication
> capability because they are unable to get SSL certificates issued to
> them.
>
> A tor hidden service (onion site) is controlled by an RSA key.
>
> It would be trivial to pack a tor HS pubkey into a self-signed x509
> certificate with the cn set to foooo.onion.
> ...
> Thoughts?
Is there any point to additional encryption over tor (which afaik is already
encrypted end-to-end)? Is there a safe way to make this work through tor entry
nodes/gateways?
It'd be nice to have a way to support namecoin-provided keys too...
Luke
📝 Original message:On Saturday, October 26, 2013 3:31:05 AM Gregory Maxwell wrote:
> One limitation of the payment protocol as speced is that there is no
> way for a hidden service site to make use of its full authentication
> capability because they are unable to get SSL certificates issued to
> them.
>
> A tor hidden service (onion site) is controlled by an RSA key.
>
> It would be trivial to pack a tor HS pubkey into a self-signed x509
> certificate with the cn set to foooo.onion.
> ...
> Thoughts?
Is there any point to additional encryption over tor (which afaik is already
encrypted end-to-end)? Is there a safe way to make this work through tor entry
nodes/gateways?
It'd be nice to have a way to support namecoin-provided keys too...
Luke