關於 .onion SSL Certificate 的表決 (Tor Network)

關於 .onion 的 SSL Certificate,在 CAB Forum 這邊提出來表決了:「Ballot 144 – Validation rules for .onion names」。

有些時間限制與一般的 SSL Certificate 不太一樣:

CAs MUST NOT issue a Certificate that includes a Domain Name where .onion is in the right-most label of the Domain Name with a validity period longer than 15 months. Despite Section 9.2.1 of the Baseline Requirements deprecating the use of Internal Names, a CA MAY issue a Certificate containing an .onion name with an expiration date later than 1 November 2015 after (and only if) .onion is officially recognized by the IESG as a reserved TLD.

然後:

On or before May 1, 2015, each CA MUST revoke all Certificates issued with the Subject Alternative Name extension or Common Name field that includes a Domain Name where .onion is in the right-most label of the Domain Name unless the Certificate was issued in compliance with this Appendix F.

等投票結束後再來看...

This entry was posted in Computer, Murmuring, Network, P2P, Security, WWW and tagged , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *