Author: Gregory Maxwell 2013-10-26 03:31:05
Published on: 2013-10-26T03:31:05+00:00
The payment protocol does not let a hidden service site use its full authentication capability, because such sites cannot obtain SSL certificates. However, a Tor hidden service (onion site) is managed by an RSA key, which can easily be packed into a self-signed X.509 certificate with the CN set to foooo.onion. If an additional validation procedure were added to the payment protocol that, for [base32].onion hosts, hashes and base32-encodes the pubkey, then the payment protocol could work flawlessly with Tor hosts, displaying that the payment request came from "foooo.onion". The writer believes that this additional code would be simple, and he will write it if there is support for making it a standard feature. This would provide a fully supported option that is entirely CA-free. It would only work for Tor sites, but those concerned about CA treachery may want to use Tor in any case.
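A sketch of the validation step described above, added here as an example; it is not code from the post or from any payment protocol implementation. It assumes the 16-character onion names Tor used at the time (base32 of the first 80 bits of SHA-1 over the DER-encoded PKCS#1 RSA public key) and that the key has already been extracted from the certificate; all function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# A 16-character onion label is 80 bits of base32 (assumed address format).
ONION_LABEL = re.compile(r"^[a-z2-7]{16}$")


def _der_len(n: int) -> bytes:
    """DER definite-length octets."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def _der_int(v: int) -> bytes:
    """DER INTEGER for a positive value (adds a leading 0x00 when needed)."""
    body = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return b"\x02" + _der_len(len(body)) + body


def der_rsa_public_key(n: int, e: int) -> bytes:
    """PKCS#1 RSAPublicKey: SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    body = _der_int(n) + _der_int(e)
    return b"\x30" + _der_len(len(body)) + body


def onion_label(rsa_pubkey_der: bytes) -> str:
    """Hash the public key and base32-encode the first 80 bits."""
    digest = hashlib.sha1(rsa_pubkey_der).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()


def request_host_matches_key(host: str, rsa_pubkey_der: bytes) -> bool:
    """True only for a bare <label>.onion host whose label derives from the key."""
    labels = host.lower().split(".")
    if len(labels) != 2 or labels[1] != "onion":
        return False  # not a bare onion host, so this check cannot vouch for it
    if not ONION_LABEL.match(labels[0]):
        return False
    return hmac.compare_digest(labels[0], onion_label(rsa_pubkey_der))


# Constructed 1024-bit odd integer standing in for a modulus (not a usable key).
N_CONSTRUCTED = (1 << 1023) | 1

if __name__ == "__main__":
    key = der_rsa_public_key(N_CONSTRUCTED, 65537)
    host = onion_label(key) + ".onion"
    print(host, request_host_matches_key(host, key))
```

A caller would still have to verify the self-signed certificate's signature over the payment request; the check here only binds the displayed hostname to the key.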
Updated on: 2023-05-19T17:37:23.018231+00:00