[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13410 [Tor Browser]: Disable self-signed certificate warnings when visiting .onion sites

Subject: Re: [tor-bugs] #13410 [Tor Browser]: Disable self-signed certificate warnings when visiting .onion sites
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 18 May 2015 14:35:45 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 18 May 2015 10:35:56 -0400
In-reply-to: <043.59c16eed50781931c8558354916f09ba@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.59c16eed50781931c8558354916f09ba@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#13410: Disable self-signed certificate warnings when visiting .onion sites
-----------------------------+----------------------
     Reporter:  tom          |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+----------------------

Comment (by vynX):

 Browsers must not attempt to resolve .onion via DNS. If that is a given,
 then MITM attempts using DNS + fake .onion certificates while there is no
 Tor onion involved at all are incapable of succeeding. So the work to be
 done is to get all browser vendors to implement .onion in a failsafe way.
 I believe @ioerror's and @grothoff's IETF drafts for .onion TLD mention
 that... it's also important that .onion isn't the only pseudo-TLD that
 gets excluded from the X.509 monstrosity since we don't want to get stuck
 on .onion for all times.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13410#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #16080 [Tor Browser]: torbrowser 4.5.1 and dns
Next by Author: Re: [tor-bugs] #16069 [Onionoo]: ipv4 + ipv6 exit : v6 policy is displayed twice, v4 isn't displayed
Previous by thread: Re: [tor-bugs] #13410 [Tor Browser]: Disable self-signed certificate warnings when visiting .onion sites
Next by thread: Re: [tor-bugs] #14087 [Tor Browser]: Tor Browser needs an "Automatic Proxy Configuration Script" option
Index(es):
- Author
- Thread