[messaging] Are vanity onion domains a good idea?

Mike Hearn mike at plan99.net
Tue Oct 27 05:45:47 PDT 2015

> The name tor.facebook.com is not self-authenticating, which is the
> main practically useful function of .onion names.

Well ... but this thread starts by observing that attackers are exploiting
the fact that Onion names are opaque random strings, meaning people do (at
best) prefix matches of a few characters.

So isn't the issue that Onion names are *not*, in practice, self

There are not thousands of CA's, even Firefox only trusts a hundred or so
in total and EV certs are issued by only about 25-30. And Google is forcing
them into certificate transaparency, so if someone did issue a bogus EV
cert under your name you'd be able to locate it immediately with something
as basic as a cron job.

Chrome already shows visually if a page is bookmarked or not (the star on
the right hand side). So there's nothing to do there.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20151027/d14d9474/attachment.html>

More information about the Messaging mailing list