While it is technically possible to serve onion services via HTTPS using TLS certificates that are signed by a “proper” CA, it is the exception, not the norm.
The benefit of TLS certificates for .onion is authentication: Users can (by trusting some CA) ensure that they are indeed communicating with the service they would like to. In Radicle, this is not that big of a deal, because we have DIDs and signatures in the application layer.
Also, setups I have seen so far are more “ad hoc”, and people would probably tend to self-sign their certificates, which would cause validation in browsers to fail anyway.
See also:
While it is technically possible to serve onion services via HTTPS using TLS certificates that are signed by a “proper” CA, it is the exception, not the norm.
The benefit of TLS certificates for .onion is authentication: Users can (by trusting some CA) ensure that they are indeed communicating with the service they would like to. In Radicle, this is not that big of a deal, because we have DIDs and signatures in the application layer.
Also, setups I have seen so far are more “ad hoc”, and people would probably tend to self-sign their certificates, which would cause validation in browsers to fail anyway.
See also:
Rebase.
Nice. Just gonna see if this breaks anything.
👉 npm run format