An "onion-csr-01" MUST NOT be used to issue certificates for non ".onion" Special-Use Domain Names.
Clients prove control over the key associated with the ".onion" service by generating a CSR [RFC2986] with the following additional extension attributes and signing it with the private key of the ".onion" Special-Use Domain Name:
* A caSigningNonce attribute containing the nonce provided in the
challenge. This MUST be raw bytes, and not the base64 encoded
value provided in the challenge object.
* An applicantSigningNonce containing a nonce generated by the
client. This MUST have at least 64 bits of entropy. This MUST be
raw bytes.
I think the main reason is it allows for easier access to Tor hidden sites with a “regular” web browser. Consider a wifi network that exposed .onion domains via normal DNS, or a VPN, or other similar mechanisms. It’s not as good as Tor browser, but may be a lot more accessible.
This was interesting:
Why do .onion domain names need certificates, if Tor already enforces that only the party with the corresponding private key can see traffic to them?
The last hop off the relay is unencrypted, breaking the security model.
Also, some browser features only work on HTTPS sites.