[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #21877 [Applications/Tor Browser]: HTTP only onion services are marked as insecure in TBB ff52 nightly

Subject: Re: [tor-bugs] #21877 [Applications/Tor Browser]: HTTP only onion services are marked as insecure in TBB ff52 nightly
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 06 Apr 2017 14:38:29 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 06 Apr 2017 10:38:42 -0400
In-reply-to: <050.cf6be6103f542edb90abc7eb76b694e2@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <050.cf6be6103f542edb90abc7eb76b694e2@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#21877: HTTP only onion services are marked as insecure in TBB ff52 nightly
--------------------------------------+--------------------------
 Reporter:  blockflare                |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by cypherpunks):

 Replying to [comment:2 blockflare]:
 > Replying to [comment:1 cypherpunks]:
 > > Yes, HTTP is not HTTPS.
 >
 > But onion services are e2e encrypted, even if they don't have an EV
 Cert, they should not be marked as insecure and as "Information you submit
 could be viewed by others  (like passwords, messages, credit cards,
 etc.)".
 FF marks it as an insecure HTTP, but this is really not obvious.
 (Also your ticket seems to be a duplicate of some earlier tickets.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21877#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #21877 [Applications/Tor Browser]: HTTP only onion services are marked as insecure in TBB ff52 nightly
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #22070 [Applications/Tor Browser]: Check whether we need to update our font whitelist for ESR52
Next by Author: Re: [tor-bugs] #15813 [Metrics/Onionoo]: onionoo instances have distinct contact string encoding
Previous by thread: Re: [tor-bugs] #21877 [Applications/Tor Browser]: HTTP only onion services are marked as insecure in TBB ff52 nightly
Next by thread: Re: [tor-bugs] #21877 [Applications/Tor Browser]: HTTP only onion services are marked as insecure in TBB ff52 nightly
Index(es):
- Author
- Thread