ÃÛÌÒTV

Good news for .onion sites: The .onion domain is now recognized as a special-use, top-level domain by the Internet Engineering Steering Group, thanks to efforts by and .

This means that publicly trusted SSL Certificates can continue to be issued for .onion domains following the deprecation of internal names, which is happening later this year. Additionally, this means Tor website operators can authenticate themselves to users by using publicly trusted SSL Certificates. These certificates are essential to help combat phishing and MITM attacks for Tor users.

What Led to This Point

For the .onion address to be an accepted special-use, top-level domain, an RFC by the Internet Engineering Task Force (IETF) had to be approved: . In addition, .onion had to be recognized by Internet Assigned Numbers Authority (IANA) on as a special-use domain.

In November 2014, , which enabled users to browse Facebook anonymously through the Tor browser. And up until now, .onion was considered an internal name, but later this year. If .onion was not recognized as a top-level domain before November 1, 2015, the certificates would have had a maximum validity period through October 31, 2015, and would then need to be revoked.

What This Means for the Future of Tor Security

The IETF and IANA approvals ensure that SSL Certificates can continue to be issued to .onion names in accordance with the CA/B Forum .onion vetting guidelines.

The CA/B Forum guidelines for vetting .onion names, outlined in , are the same. EV SSL Certificates are still required with a special use-case that allows wildcard names in an EV Certificate.