CAA Extensions for the Tor Rendezvous Specification (!716) · Merge requests · The Tor Project / Core / Tor

Q Misell requested to merge TheEnbyperor/tor:caa into main Jun 05, 2023

This MR implements the 343-rend-caa proposal, in support of draft-misell-acme-onion.

It allows adding CAA records (as in the DNS) to hidden service descriptors to aid the security of issuing TLS certificates to .onion Special-use Domain Names. Example:

HiddenServiceDir /var/lib/tor/test_hs/
HiddenServicePort 80 127.0.0.1:8888
HiddenServiceCAA 0 issue "test.acmeforonions.org"
HiddenServiceCAA 0 iodef "mailto:q@magicalcodewit.ch"
HiddenServiceCAA 128 validationmethods "onion-csr-01"

Further details about this project can be found at acmeforonions.org.

CAA Extensions for the Tor Rendezvous Specification

Merge request reports