Tor CA - .onion SSL system
While Tor hidden service is secure by default, many websites are shifting to HTTPS. Some .onion websites provide HTTPS access with self-sign certi- ficate. .onion website can be viewed only from Tor network, especially from "Tor Browser" by Tor project, and "Orfox" by GuardianProject.
Thus, I suggest this project: ".onion Certificate Authority"(TorOCA).
It's like "LetsEncrypt" - "clearnet" + ".onion". TorOCA gives a pair of certificate(you know, pem and key) to .onion holder.
- "Tor Browser" have TorOCA root certificate as acceptable authority.
- User visit https .onion website.
- The server send TLS certification, which is signed by TorOCA.
- User can visit the website without warning.
- Pricing. Free is good, but how about ".onion cert/$10/one-time"? This will help Tor project income.
- Sub-domain. Some .onion websites use subdomain instead of their main domain.