Self-authenticating traditional (SAT) addresses

  • Onion address is encoded into a subdomain of a registered traiditional domain (e.g.
  • Server returns a special header which includes a signature that can be used to verify the TLS certificate used for the connection (using the public key encoded in the onion address/subdomain).
  • Interesting property: authority independence
    • in traditional systems, any malicious authority can issue certificates for your site, but not here.
  • Useful for Tor Browser and regular browser:
  • If using a regular browser, TLS certificate can be checked because of the self-authenticating domain.
  • If using Tor Browser, still get the benefit of TLS identity linked to the certificate (.onion alone already provides the "self-authenticating + encryption", but not trusted identity of the owner).
  • The demo done consisted of a webextension that does the right checks with the signature in the header and the SAT subdomain.
  • It was asked/mentioned that there could be similarities with DNSCurve, concretely the idea of embedding public keys in the subdomain.
  • The webextension can also keep a SAT list which maps traditional domains to SAT domains that the user trusts.
    • Can do rewrites similarly to what https everywhere does, rewriting to the corresponding SAT domain before actually loading the page.
  • There were questions/concerns about whether these persisted SAT lists could open fingerprinting possibilities, since it's persisted state that might be possible to query via JavaScript (like trying to load subresources that might fail or not depending on the state).
Last modified 16 months ago Last modified on Jul 13, 2019, 12:52:38 PM