
Self-Authenticating TLS Certificates for Tor Onion Services (gpn22)
Chaos Computer Club - archive feed · Jeremy Rand
May 30, 2024 · 20m 18s
Show Notes
TLS (the security layer behind HTTPS) and Tor onion services (anonymously hosted TCP services) are both excellent protocols. Wouldn't it be nice if we could use them together? In this talk, I'll cover a working implementation of combining TLS with onion services, without compromising on the security properties that each provides.
Topics to be covered include:
* Why would you want to combine TLS with onion services? Why isn't onion service encryption good enough?
* Why isn't unauthenticated TLS (e.g. self-signed certificates) good enough for onion services?
* How can we authenticate a TLS certificate for a .onion domain without relying on public CAs like Let's Encrypt or any other trusted third parties? (No, we're not using a blockchain.)
* How can we teach standard (unmodified) web browsers like Firefox to apply different certificate validation logic for .onion certificates?
* How can we teach standard (unmodified) web browsers like Firefox to validate certificates using typically unsupported elliptic curves like Ed25519 (which Tor uses)?
about this event: https://cfp.gulas.ch/gpn22/talk/XFT8NC/