! In T80#7497, @HulaHoop wrote:
This may not be needed if TPO switches to Let’s Encrypt for its own sites. It would be as simple as trusting their CA without worrying about expired certs or MITM.
If TPO used a self-hosted CA as you suggest, then this CA would not be accepted by mainstream browsers. That’s why they probably won’t go that route. They would still require a CA accepted by mainstream browsers. I find it quite unlikely that they would maintain two means of SSL verification at the same time (usual and letsencrypt).
If TPO (The Tor Project) used the official letsencrypt CA, then this would be a nice improvement; we could then pin the letsencrypt CA only, but this would still not implement the stronger scope of the ticket, “direct SSL certificate pinning”.
Or am I misunderstanding something? If TPO used its own CA, would their CA then be accepted by the letsencrypt CA for torproject.org? In that case, it would indeed make sense to pin to TPO’s self-hosted CA only.
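The distinction drawn in the comment above, between pinning a CA and pinning the site's own certificate, can be made concrete with a small in-memory PKI. The following is an added example, not code from the T80 ticket or from Whonix or the Tor Project. It builds a stand-in issuer CA (the counterpart of a public CA such as Let's Encrypt), a genuine leaf certificate for a constructed hostname, and a second leaf for the same hostname that the same CA issued to a different key holder. A policy that pins the CA accepts both leaves, because anything the CA signs verifies; a policy that pins the leaf's public key (direct pinning) accepts only the genuine one. The hostname, CA name and key material are all constructed here, and the example assumes the third-party `cryptography` package is installed.

```python
"""Added example: CA pinning versus direct (leaf public key) pinning.

Constructs a stand-in issuer CA, a genuine leaf for a constructed hostname,
and a second leaf for the same hostname signed by the same CA for another
key holder, then shows which leaves each pinning policy accepts.
Requires the third-party `cryptography` package.
"""
import datetime
import hashlib

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

HOSTNAME = "example.invalid"          # constructed hostname, not a real site
CA_NAME = "Stand-in Issuer CA"        # constructed CA name


def _name(common_name):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])


def make_cert(subject_cn, subject_key, issuer_cn, issuer_key, is_ca):
    """Build and sign a minimal X.509 v3 certificate (90-day validity)."""
    now = datetime.datetime(2024, 1, 1, tzinfo=datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(_name(subject_cn))
        .issuer_name(_name(issuer_cn))
        .public_key(subject_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=90))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
    )
    return builder.sign(issuer_key, hashes.SHA256())


def spki_sha256(cert):
    """SHA-256 over the DER SubjectPublicKeyInfo: the value public-key pins carry."""
    spki = cert.public_key().public_bytes(
        serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo
    )
    return hashlib.sha256(spki).hexdigest()


def verify_with_pinned_ca(leaf, pinned_ca):
    """CA pinning: accept any leaf whose signature verifies under the pinned CA's key."""
    if leaf.issuer != pinned_ca.subject:
        return False
    try:
        pinned_ca.public_key().verify(
            leaf.signature, leaf.tbs_certificate_bytes, ec.ECDSA(leaf.signature_hash_algorithm)
        )
    except InvalidSignature:
        return False
    return True


def verify_with_pinned_spki(leaf, pinned_spki_hex):
    """Direct pinning: accept only a leaf that carries the pinned public key."""
    return spki_sha256(leaf) == pinned_spki_hex


def build_scenario():
    """Constructed PKI: one CA, the site's genuine leaf, and a second leaf the same
    CA issued for the same hostname to a different key holder."""
    ca_key = ec.generate_private_key(ec.SECP256R1())
    ca = make_cert(CA_NAME, ca_key, CA_NAME, ca_key, True)
    site_key = ec.generate_private_key(ec.SECP256R1())
    genuine = make_cert(HOSTNAME, site_key, CA_NAME, ca_key, False)
    other_key = ec.generate_private_key(ec.SECP256R1())
    other_leaf = make_cert(HOSTNAME, other_key, CA_NAME, ca_key, False)
    return ca, genuine, other_leaf


def compare_policies():
    """Return {policy: (genuine_accepted, other_leaf_accepted)} for both policies."""
    ca, genuine, other_leaf = build_scenario()
    pin = spki_sha256(genuine)   # the pin a client would ship for the genuine site key
    return {
        "pin_ca": (verify_with_pinned_ca(genuine, ca), verify_with_pinned_ca(other_leaf, ca)),
        "pin_leaf_spki": (verify_with_pinned_spki(genuine, pin),
                          verify_with_pinned_spki(other_leaf, pin)),
    }


if __name__ == "__main__":
    for policy, (genuine_ok, other_ok) in compare_policies().items():
        print(f"{policy}: genuine={genuine_ok} other_leaf_same_ca={other_ok}")
```

Running it prints that `pin_ca` accepts both leaves while `pin_leaf_spki` accepts only the genuine one, which is the gap between "pin the CA only" and the ticket's "direct SSL certificate pinning": with CA pinning the client's trust is only as narrow as that CA's issuance, with leaf pinning it is tied to the site's own key.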