Assuming a .onion's key were to be bruteforced or stolen however, you would also need to steal the SSL private key in order to continue to appear authentic.
I'm not saying Tor doesn't cover authenticity, but that SSL provides an additional authenticity check on top of that.
edit: On the topic of bruteforcing, the linked Stack Overflow post leads me to believe it's not terribly infeasible.
Additionally, stealing the .onion's key would likely expose the SSL private key as well (as you'd likely have access to the server at that point), unless the .onion's key is exposed due to misconfiguration or another form of human error.
I also think, lastly, that the point about the browser understanding its dealing with a secure connection and enforcing general browser SSL rules has merit.
So a million cores still takes years. What would you consider infeasible, may I ask?
Also, you're wrong about bruteforcing the domain implying you can decrypt if not for ssl. If you bruteforce (for millions or billions), you won't get the same key. You'll get a key that shares the first 80 bits of its hash with the other key used. So you can use it to mitm or impersonate the site, but you can't use it passively to decrypt connections to the onion.
I'm not saying Tor doesn't cover authenticity, but that SSL provides an additional authenticity check on top of that.
edit: On the topic of bruteforcing, the linked Stack Overflow post leads me to believe it's not terribly infeasible.
Additionally, stealing the .onion's key would likely expose the SSL private key as well (as you'd likely have access to the server at that point), unless the .onion's key is exposed due to misconfiguration or another form of human error.
I also think, lastly, that the point about the browser understanding its dealing with a secure connection and enforcing general browser SSL rules has merit.
edit 2: Forgot the link - https://security.stackexchange.com/questions/29772/how-do-yo...