Certificate authority DigiCert is considering issuing SSL certificates to more Tor .onion address owners after recently providing Facebook with one.
However, SSL certificates for pseudo-top-level domains like .onion that don’t actually exist on the Internet are in the process of being phased out and the Tor Project has not yet decided if Tor websites getting SSL certificates is a good thing.
Last week, Facebook made its website accessible inside the Tor anonymity network by setting up a so-called Tor hidden service with the facebookcorewwwi.onion address. The company described it as an experiment that will provide Tor users with end-to-end communication, from their browsers directly into a Facebook data center, avoiding third-party exit nodes.
Tor hidden services use URL addresses that end in .onion, a suffix that does not exist in the Internet’s DNS root zone and is not a TLD recognized by the Internet Corporation for Assigned Names and Numbers. As such, these addresses only resolve within the Tor network through a private DNS-like system.
The internal use of made-up TLDs like .onion is not something specific to Tor. Organizations have used pseudo-TLDs like .local, .lan, .corp, .priv and others on their internal networks for a long time, even though it is not a recommended practice.
Over the years certificate authorities have issued valid digital certificates for such internal domain names, as they helped organizations deploy SSL in their enterprise environments without having to install a self-generated root certificate on end-point systems.
This practice is being discontinued because TLDs used internally today might conflict with future TLDs approved by ICANN. According to the baseline requirements for the issuance and management of publicly trusted certificates adopted by the CA/Browser Forum, certificate authorities are no longer allowed to issue new certificates that are valid for “internal names” and have an expiration date past Nov. 1, 2015. All such certificates that already exist have to be revoked by October 2016.
DigiCert has provided Facebook with an SSL certificate for its facebookcorewwwi.onion address that works for now, but will need to find a longer-term solution that will work past Nov. 1, 2015.
“As a company that has long supported the Tor Project in its efforts to provide a secure internet where people can freely express their ideas, DigiCert is continuing to work with Tor and Facebook on how best to support this project moving forward,” said Jeremy Rowley, DigiCert’s vice president of business development and legal, in a blog post.
“We’ve had other folks contact us about getting a .onion certificate,” Rowley said. “We think there is value in any efforts to provide SSL/TLS security for Tor, but only if the right security controls can be put in place. Right now, we are in the process of evaluating how best to implement strong validation policies before possibly offering such certificates beyond the one for Facebook. We’re also exploring some possibilities with standards bodies. We’ll report more about these efforts in the future.”
A discussion about the possibility of making an exception for .onion took place on the CA/Browser Forum mailing list in October and the sentiment was that if this is to be considered, the Tor Project should be the one requesting it.
Meanwhile, the Tor Project has not decided if it wants to encourage SSL certificates for Tor hidden services.
“If one site gets a cert, it will further reinforce to users that it’s ‘needed,’ and then the users will start asking other sites why they don’t have one,” Tor Project Leader Roger Dingledine said in a blog post Oct. 31. “I worry about starting a trend where you need to pay Digicert money to have a hidden service or your users think it’s sketchy—especially since hidden services that value their anonymity could have a hard time getting a certificate.”
Using SSL over Tor is also somewhat redundant. SSL has two major benefits: it encrypts traffic and authenticates servers to clients through digital certificates issued by trusted third parties—the certificate authorities. Tor also encrypts connections between a Tor client and a hidden service and the service’s 16-character .onion address is actually a hash of its cryptographic key.
This means Tor hidden service addresses “are self-authenticating: if you type in a given .onion address, your Tor client guarantees that it really is talking to the service that knows the private key that corresponds to the address,” Dingledine said.
SSL becomes valuable in situations where the Tor process and the Web server that make up a hidden service run on different machines. In this case the user’s connection to the Tor hidden service will be encrypted, but the “last mile” between the Tor service and the actual Web server will not.
Large websites like Facebook likely have such configurations. Their front-facing servers are actually proxies that pull content from different Web servers spread around the world.
Secret documents leaked by former U.S. National Intelligence Agency contractor Edward Snowden showed that the NSA is snooping on unencrypted traffic that flows through the infrastructures of Internet companies like Google. This prompted Google and others to start encrypting the private links between their own data centers.
Even if SSL is to be used by Tor hidden services, there might be alternatives to the CA-based model, Dingledine said. One approach could be to develop a way for a hidden service “to generate its own signed https cert using its onion private key, and teach Tor Browser how to verify them—basically a decentralized CA for .onion addresses, since they are self-authenticating anyway.”
“I haven’t made up my mind yet about which direction I think this discussion should go,” Dingledine said “I’m sympathetic to ‘we’ve taught the users to check for https, so let’s not confuse them,’ but I also worry about the slippery slope where getting a cert becomes a required step to having a reputable service.”