[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #21321 [Applications/Tor Browser]: .onion HTTP is shown as non-secure in Tor Browser

Subject: Re: [tor-bugs] #21321 [Applications/Tor Browser]: .onion HTTP is shown as non-secure in Tor Browser
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 29 Jun 2017 23:12:27 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 29 Jun 2017 19:12:41 -0400
In-reply-to: <051.f0e37f08c25c1d9371c5d208a4a9a65e@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.f0e37f08c25c1d9371c5d208a4a9a65e@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#21321: .onion HTTP is shown as non-secure in Tor Browser
-------------------------------------------------+-------------------------
 Reporter:  cypherpunks                          |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:  new
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Blocker                              |     Resolution:
 Keywords:  ff52-esr, tbb-usability, ux-team,    |  Actual Points:
  TorBrowserTeam201706                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 > This warning is misleading and half-baked. It's been designed so people
 get notified when they're submitting information and particularly
 passwords in plain text. Obviously not the case with .onion.

 If some likes to run tor on an another machine like a Tor router (eg on an
 OpenWRT-Router or Whonix in a VM) all the PCs or VMs in the same network
 could still capture all the http-packages before the packages enter the
 internet... Thereby, there are use cases in which using an onion-address
 is not sufficient and less secure than an onion-address + tls.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21321#comment:33>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #10121 [Core Tor/Tor]: [DNSPort] Don't query local network IP via Tor
Next by Author: Re: [tor-bugs] #12062 [Core Tor/Tor]: Audit DisableNetwork, we_are_hibernating usage
Previous by thread: Re: [tor-bugs] #21321 [Applications/Tor Browser]: .onion HTTP is shown as non-secure in Tor Browser
Next by thread: Re: [tor-bugs] #21321 [Applications/Tor Browser]: .onion HTTP is shown as non-secure in Tor Browser
Index(es):
- Author
- Thread