Saw "Certificates for Onion Services (torproject.org)" on the Hacker News front page; it discusses the need to obtain TLS certificates for Tor onion services (hidden services): "Certificates for Onion Services".
Four years ago I wrote 「讓 Tor 的 .onion 支援 HTTPS」 (Making Tor's .onion support HTTPS), which touched on this; it looks like there hasn't been much progress since?
Since v3, a Tor onion service's address is itself the public key (mentioned in 「Onion Service 第二版的退場計畫」 (The retirement plan for Onion Service v2)); it carries the full 256-bit ed25519 public key directly:
The most obvious difference between V2 and V3 onion services is the different address format. V3 onion addresses have 56 characters instead of 16 (because they contain a full ed25519 public key, not just the hash of a public key), meaning that migrating from V2 to V3 requires all users to learn/remember/save a new onion address.
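As an added example (not code from the original post or from the Tor project), here is the v3 address layout described above worked through in Python: 32-byte ed25519 public key, 2-byte checksum, 1-byte version, base32-encoded into exactly 56 characters. The public key below is a constructed placeholder, not a real service key, and the function names are my own.

```python
import base64
import hashlib

ONION_V3_VERSION = 3
ONION_V3_BODY_LEN = 56  # 35 payload bytes * 8 / 5 = 56 base32 chars, no padding

# Constructed placeholder key (NOT a real onion service key); any 32 bytes
# will do for demonstrating the address format.
SAMPLE_PUBKEY = bytes(range(32))


def onion_v3_checksum(pubkey: bytes, version: int) -> bytes:
    """CHECKSUM = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2]."""
    digest = hashlib.sha3_256(b".onion checksum" + pubkey + bytes([version])).digest()
    return digest[:2]


def encode_onion_v3(pubkey: bytes) -> str:
    """Build a v3 .onion address from a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be exactly 32 bytes")
    payload = pubkey + onion_v3_checksum(pubkey, ONION_V3_VERSION) + bytes([ONION_V3_VERSION])
    return base64.b32encode(payload).decode("ascii").lower() + ".onion"


def decode_onion_v3(address: str) -> bytes:
    """Validate a v3 .onion address and return the embedded public key."""
    body = address.strip().lower()
    if body.endswith(".onion"):
        body = body[: -len(".onion")]
    if len(body) != ONION_V3_BODY_LEN:
        raise ValueError("not a v3 onion address: expected 56 base32 characters")
    try:
        payload = base64.b32decode(body.upper())  # raises ValueError on bad chars
    except ValueError as exc:
        raise ValueError("not a v3 onion address: invalid base32") from exc
    pubkey, check, version = payload[:32], payload[32:34], payload[34]
    if version != ONION_V3_VERSION:
        raise ValueError(f"unsupported onion address version {version}")
    if check != onion_v3_checksum(pubkey, version):
        raise ValueError("onion address checksum mismatch (typo or tampering)")
    return pubkey


def is_valid_onion_v3(address: str) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        decode_onion_v3(address)
        return True
    except ValueError:
        return False
```

Because the version byte is always 3, every v3 address body ends in the base32 character "d"; that and the checksum let a client reject a mistyped address before it ever touches the network.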
Even so, having a TLS certificate still brings many benefits. The first that comes to mind is that many browser APIs are only available on https:// origins:
Some browser features are available only with HTTPS, like Secure Contexts, Content Security Policy (CSP), Secure cookies, WebAuthn, WebRTC and PaymentRequest.
Another is HTTP/2: although the specification supports a plaintext mode, implementations only support the HTTPS mode, and HTTP/2 is noticeably faster than HTTP/1.1:
Allows for the usage of HTTP/2, since some browsers only support it if on HTTPS. In the future, HTTP2 and HTTP3 may only work with TLS, and thus valid certificates.
Both of these are a big help for applications running over Tor; let's see whether this round of discussion can push things forward a bit...