Some news from the Onion Space - 2024-09

This is an experiment to report things happening on Onion Service land!

Ansible role for Onionspray

We finally have an Ansible role for Onionspray!

Thanks Yassine Zouggari for this work done while setting up Mediapart.fr’s
onionsite
!

Self-authenticating TLS Certificates for Onion Services

Having valid, automated and free-of-charge Onion Service certificates
is a priority.

Q Misell, which recently joined as a Tor Core Contributor, is doing
an invaluable work in standardizing ACME for .onion addresses.

While ACME is our first bet, there are still use-cases where having an
alternative certification procedure might be desirable for Onion Service
Operators, such as those not involving certificate data sent to public
Certificate Transparency logs; or just sticking to self-signed
certificates.

During the 2024 Tor meeting, Jeremy Rand proposed building an authentication
module allowing
Operators to use their .onion keys as
Certificate Authorities.

His proposal does not conflict with the ACME approach, and both
could be used in parallel:

After the session in Lisbon, Jeremy Rand presented his PCKS#11 module concept
during GPN22:

In summary, now we have another option to consider :slight_smile:

OnionSec – a tool to help you secure your onion service

Want to test the general security of your onionsite?

Give OnionSec a try!

Also available through http://4a7plauyfmxgnp4c6f2smhol3x62lvhb7ii7q6ztmvlwy2m5vhw65jid.onion

Source code for the Library/CLI is available at GitHub - TheEnbyperor/onion-sec

Thanks Q Misell for creating this tool and keeping it online :slight_smile:

2 Likes