Tor CA - .onion SSL system

While Tor hidden service is secure by default, many websites are shifting to HTTPS. Some .onion websites provide HTTPS access with self-sign certi- ficate. .onion website can be viewed only from Tor network, especially from "Tor Browser" by Tor project, and "Orfox" by GuardianProject.

Thus, I suggest this project: ".onion Certificate Authority"(TorOCA).

It's like "LetsEncrypt" - "clearnet" + ".onion". TorOCA gives a pair of certificate(you know, pem and key) to .onion holder.

1. "Tor Browser" have TorOCA root certificate as acceptable authority.
2. User visit https .onion website.
3. The server send TLS certification, which is signed by TorOCA.
4. User can visit the website without warning.

Consider:

1. Pricing. Free is good, but how about ".onion cert/$10/one-time"? This will help Tor project income.
2. Sub-domain. Some .onion websites use subdomain instead of their main domain.

Trac:
Username: ikurua22