
.onion vs .secure

Posted May 12, 2012 7:54 UTC (Sat) by atoponce (guest, #57402)
Parent article: My own private Internet: .secure TLD floated as bad-guy-free zone (Ars Technica)

Don't we already have a secure infrastructure with .onion, without the centralized model? Heh. Seems someone missed that boat by a few years.



.onion vs .secure

Posted May 12, 2012 21:34 UTC (Sat) by wahern (subscriber, #37304)

Out of 1) authentication, 2) authorization, and 3) confidentiality, Onion routing only provides #3. I think the idea here is to provide a slightly higher floor regarding #1 and #2 for unknown people on the network. We tend to think of authentication and authorization in terms of passwords or ACLs, but in a simple SMTP exchange there are implicit authentication and authorization elements. They're just really weak.

.onion vs .secure

Posted May 12, 2012 21:56 UTC (Sat) by slashdot (guest, #22014)

SSL provides all of these.

In fact, it appears this ".secure" thing is mainly these guys attempting to replace the SSL CAs and monopolize that market.

This is only beneficial for mankind if they are indeed a better CA, and if their monopoly power is restricted either by themselves (with a legally binding pledge) or ICANN.

Unfortunately, I suspect these things aren't terribly likely.

.onion vs .secure

Posted May 13, 2012 23:28 UTC (Sun) by cmccabe (guest, #60281)

Indeed. I read this as "certificate authority offers to actually do its job for once, news at 11."

Which... actually might have some value. Of course, browser vendors would have to enforce the idea that only iSEC Partners could hand out certs for .secure, but that seems relatively straightforward.

The stuff about enforcing good site security among customers seems a little far-fetched. If some large bank hands them a fat sack of cash, is iSEC really going to decline because their site missed a few best practices? It's kind of hard to believe.

.onion vs .secure

Posted May 14, 2012 1:07 UTC (Mon) by vonbrand (subscriber, #4458)

The whole "security certificate" stuff being what it is, anybody could just set up their own CA which undercuts prices for .secure (presumably by doing a clown's job on checking), so...

Wait, that is how this racket works today.

.onion vs .secure

Posted May 18, 2012 10:26 UTC (Fri) by livne.dror (subscriber, #51160)

Actually, Tor hidden service names are self-certifying, therefore achieving #1, #3.

See:
https://www.torproject.org/docs/hidden-services.html.en
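
What "self-certifying" means for these names, as an added example that is not part of the comment above or of Tor's own code: a v2 name (the format in use in 2012) is a truncated SHA-1 hash of the service's RSA public key, and the later v3 format embeds an Ed25519 key plus a checksum in the name itself. The function names and the key bytes are constructed placeholders, not real keys.

```python
import base64
import hashlib
import hmac

V3_VERSION = b"\x03"

def onion_v2_address(rsa_pub_der: bytes) -> str:
    # v2 name: base32 of the first 80 bits of SHA-1 over the DER-encoded RSA key.
    digest = hashlib.sha1(rsa_pub_der).digest()[:10]
    return base64.b32encode(digest).decode().lower() + ".onion"

def v3_checksum(pubkey: bytes) -> bytes:
    return hashlib.sha3_256(b".onion checksum" + pubkey + V3_VERSION).digest()[:2]

def onion_v3_address(ed25519_pub: bytes) -> str:
    # v3 name: base32(pubkey || checksum || version); the key itself is in the name.
    if len(ed25519_pub) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    raw = ed25519_pub + v3_checksum(ed25519_pub) + V3_VERSION
    return base64.b32encode(raw).decode().lower() + ".onion"

def key_from_v3_address(address: str) -> bytes:
    # Recover the key a v3 name commits to, rejecting bad checksums/versions.
    labels = address.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1] != "onion" or len(labels[-2]) != 56:
        raise ValueError("not a v3 onion name")
    raw = base64.b32decode(labels[-2].upper())  # raises ValueError on bad chars
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != V3_VERSION or not hmac.compare_digest(checksum, v3_checksum(pubkey)):
        raise ValueError("checksum or version mismatch")
    return pubkey

def name_binds_key(address: str, presented_key: bytes) -> bool:
    # Client-side check: is the presented key the one the name commits to?
    label = address.lower().rstrip(".").split(".")[-2:-1]
    try:
        if label and len(label[0]) == 16:  # v2 names are 16 base32 characters
            return hmac.compare_digest(onion_v2_address(presented_key), label[0] + ".onion")
        return hmac.compare_digest(key_from_v3_address(address), presented_key)
    except ValueError:
        return False

if __name__ == "__main__":
    v2_key = b"constructed placeholder for DER RSA key bytes"
    v3_key = bytes(range(32))  # constructed placeholder, not a real key
    print(onion_v2_address(v2_key), name_binds_key(onion_v2_address(v2_key), v2_key))
    print(onion_v3_address(v3_key), name_binds_key(onion_v3_address(v3_key), b"\x01" * 32))
```

The check ties a name to a key without any CA; it says nothing about who operates the service behind that key.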
