📅 Original date posted:2013-10-26
📝 Original message:One limitation of the payment protocol as speced is that there is no
way for a hidden service site to make use of its full authentication
capability because they are unable to get SSL certificates issued to
them.
A tor hidden service (onion site) is controlled by an RSA key.
It would be trivial to pack a tor HS pubkey into a self-signed x509
certificate with the cn set to foooo.onion.
If we specified in the payment protocol an additional validation
procedure for [base32].onion hosts that just has it hash and base32
encode the pubkey (as tor does) then the payment protocol could work
seamlessly with tor hosts. (Displaying that the payment request came
from "foooo.onion"). I believe that the additional code for this
would be trivial (and I'll write it if there is support for making
this a standard feature).
This would give us an fully supported option which is completely CA
free... it would only work for tor sites, but the people concerned
about CA trechery are likely to want to use tor in any case.
Thoughts?
Gregory Maxwell [ARCHIVE] /
npub1f2…crwet
2023-06-07 15:08:16
in reply to nevent1q…6s03
Author Public Key
npub1f2nvlx49er5c7sqa43src6ssyp6snd4qwvtkwm5avc2l84cs84esecrwetSeen on
wss://relay.nostr.bandPublished at
2023-06-07 15:08:16Event JSON
{
"id": "b6fbdd256ddd8138019cf5b0fa037eb7738386b920bd38827468ddf61e56007e",
"pubkey": "4aa6cf9aa5c8e98f401dac603c6a10207509b6a07317676e9d6615f3d7103d73",
"created_at": 1686150496,
"kind": 1,
"tags": [
[
"e",
"742033471721f40b6d43cf4cd64612772c20a2675cdda10846c302155fc1bb24",
"",
"reply"
],
[
"p",
"a23dbf6c6cc83e14cc3df4e56cc71845f611908084cfe620e83e40c06ccdd3d0"
]
],
"content": "📅 Original date posted:2013-10-26\n📝 Original message:One limitation of the payment protocol as speced is that there is no\nway for a hidden service site to make use of its full authentication\ncapability because they are unable to get SSL certificates issued to\nthem.\n\nA tor hidden service (onion site) is controlled by an RSA key.\n\nIt would be trivial to pack a tor HS pubkey into a self-signed x509\ncertificate with the cn set to foooo.onion.\n\nIf we specified in the payment protocol an additional validation\nprocedure for [base32].onion hosts that just has it hash and base32\nencode the pubkey (as tor does) then the payment protocol could work\nseamlessly with tor hosts. (Displaying that the payment request came\nfrom \"foooo.onion\"). I believe that the additional code for this\nwould be trivial (and I'll write it if there is support for making\nthis a standard feature).\n\nThis would give us an fully supported option which is completely CA\nfree... it would only work for tor sites, but the people concerned\nabout CA trechery are likely to want to use tor in any case.\n\nThoughts?",
"sig": "7f0efad206b1ece702942e7a472e72a48328c99aef89470c9289f8780f6c90b948ab1837f39b3158b62a93a6ee61954b21cf97be6532fee57e5d7b559fad50f8"
}