by tadfisher 3892 days ago
I'm not too knowledgeable about Tor, but I'd imagine there's a benefit to well-known CAs issuing certificates that are trusted by existing browser infrastructure. As far as I gather, Tor authentication merely verifies that the owner of the server you're connecting to also has ownership over the .onion domain, not necessarily that that owner is who they say they are.

Granted, I'm not sure the HTTPS cert infrastructure guarantees that either. I'd love to be more informed about this.

1 comment

Regular certs are Domain Validated, meaning the CA only verified that you do, in fact, own the domain in question.

EV (Extended Validation) certificates actually require the CA to verify that you are who you claim to be. This is mostly used by banks and payment processors, as it costs more money. Most browsers will identify an EV cert by turning the URL bar green, and/or displaying the name of whoever owns the cert.

    https://en.wikipedia.org/wiki/Domain-validated_certificate
    https://en.wikipedia.org/wiki/Extended_Validation_Certificate
Thank you!