[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #21321 [Applications/Tor Browser]: .onion HTTP is shown as non-secure in Tor Browser

Subject: Re: [tor-bugs] #21321 [Applications/Tor Browser]: .onion HTTP is shown as non-secure in Tor Browser
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 19 Jul 2017 17:32:13 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 19 Jul 2017 13:32:24 -0400
In-reply-to: <051.f0e37f08c25c1d9371c5d208a4a9a65e@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.f0e37f08c25c1d9371c5d208a4a9a65e@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#21321: .onion HTTP is shown as non-secure in Tor Browser
-------------------------------------------------+-------------------------
 Reporter:  cypherpunks                          |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:  new
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Blocker                              |     Resolution:
 Keywords:  ff52-esr, tbb-7.0-issues, tbb-       |  Actual Points:
  usability, ux-team, TorBrowserTeam201707,      |
  GeorgKoppen201707                              |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 Replying to [comment:14 yawning]:
 > As massively flawed and totally horrible as the CA system is, having a
 CA signed TLS cert serves to bind the address to an external identity.
 `.onion` address do not have this property.  What assurance is there that
 the address a user is entering their credentials to is the correct one?

 The secure padlock only means that the stuff in transit is secure, it has
 absolutely no relevance to whether we're talking to Satan or RiseUp. EV
 certs are what one should look at if they want to make sure they're
 talking to the right organization.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21321#comment:43>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #21830 [Applications/Tor Browser]: Copying large text from web console leaks to /tmp
Next by Author: Re: [tor-bugs] #10306 [Metrics/Compass]: Show relays by nickname substring
Previous by thread: Re: [tor-bugs] #21321 [Applications/Tor Browser]: .onion HTTP is shown as non-secure in Tor Browser
Next by thread: Re: [tor-bugs] #21321 [Applications/Tor Browser]: .onion HTTP is shown as non-secure in Tor Browser
Index(es):
- Author
- Thread