@vtlynch, I’m not clear on whether the CA/B Forum limited .onion certs to EV because of the questionable status of issuing for .onion at all (in terms of guaranteeing uniqueness of a name’s meaning), or because of the difficulty in specifying a validation method.
I hope that we’ll eventually be able to issue DV certs for .onion names, too.