This is an experiment to report things happening in Onion Service land!
Ansible role for Onionspray
We finally have an Ansible role for Onionspray!
Thanks to Yassine Zouggari for this work, done while setting up Mediapart.fr’s
onionsite!
Self-authenticating TLS Certificates for Onion Services
Having valid, automated and free-of-charge Onion Service certificates
is a priority.
Q Misell, who recently joined as a Tor Core Contributor, is doing
invaluable work in standardizing ACME for .onion addresses.
While ACME is our first bet, there are still use cases where an
alternative certification procedure might be desirable for Onion Service
Operators, such as those that avoid sending certificate data to public
Certificate Transparency logs, or that simply stick to self-signed
certificates.
During the 2024 Tor meeting, Jeremy Rand proposed building an authentication
module allowing Operators to use their .onion keys as
Certificate Authorities.
His proposal does not conflict with the ACME approach, and both
could be used in parallel:
After the session in Lisbon, Jeremy Rand presented his PKCS#11 module concept
during GPN22:
In summary, we now have another option to consider.
OnionSec – a tool to help you secure your onion service
Want to test the general security of your onionsite?
Give OnionSec a try!
Also available through http://4a7plauyfmxgnp4c6f2smhol3x62lvhb7ii7q6ztmvlwy2m5vhw65jid.onion
Source code for the Library/CLI is available at GitHub - TheEnbyperor/onion-sec
Thanks to Q Misell for creating this tool and keeping it online.