Anyone comment on the http thing? Does Tor layer security in that anyway so "Saul Goodman" or is there anything more needed here?

The onion address is the certificate, albeit not one that expires or can be revoked. As long as you get it from a trusted source, you should be good.

Without having a trustable certificate, the connection can be MITM'ed anyway. Anyone can produce a self-signed cert on demand.

Onion addresses are unforgeable and traffic is encrypted. HTTP over .onion is comparable to HTTP over TLS.
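As an added illustration of the "address is the certificate" point (example code, not from any poster in this thread): a v3 onion address is just base32(ed25519 public key || 2-byte checksum || version 0x03), so the name a client types commits to exactly one service key, and a party holding a different key cannot produce the same name. The sample key below is constructed, not a real service key.

```python
import base64
import hashlib

# v3 onion address layout (Tor rend-spec-v3):
#   onion_address = base32(PUBKEY || CHECKSUM || VERSION) + ".onion"
#   PUBKEY   = 32-byte ed25519 public key of the service
#   CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2]
#   VERSION  = 0x03
VERSION = b"\x03"
CHECKSUM_PREFIX = b".onion checksum"

SAMPLE_PUBKEY = bytes(range(32))  # constructed sample key, not a real service


def _checksum(pubkey: bytes) -> bytes:
    return hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + VERSION).digest()[:2]


def make_onion_address(pubkey: bytes) -> str:
    """Derive the v3 .onion name that belongs to an ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + _checksum(pubkey) + VERSION  # 35 bytes -> 56 base32 chars
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def verify_onion_address(address: str):
    """Return the public key an address commits to, or None if it is malformed."""
    name = address.lower()
    if name.endswith(".onion"):
        name = name[: -len(".onion")]
    if len(name) != 56:
        return None
    try:
        raw = base64.b32decode(name.upper())
    except Exception:  # binascii.Error on non-base32 input
        return None
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    # Both the version byte and the keyed checksum must match; otherwise the
    # name was mistyped, truncated or tampered with and binds to no key.
    if version != VERSION or checksum != _checksum(pubkey):
        return None
    return pubkey


if __name__ == "__main__":
    addr = make_onion_address(SAMPLE_PUBKEY)
    print(addr, verify_onion_address(addr) == SAMPLE_PUBKEY)
    # A second party with its own key gets a different name, never this one.
    print(make_onion_address(bytes(32)) == addr)
```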