@nightpool @gargron yeah, let's consider *why* we have certificate authorities (which are an awful design)... it's because the domain and "what key belongs to that domain" are decoupled
But in Tor onion services, they aren't decoupled... they're bundled very directly together. The name of the Tor onion service *is* the key. So it goes straight over a secure connection. No CAs needed!