[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #23247 [Applications/Tor Browser]: Communicating security expectations for .onion: what to say about different padlock states for .onion services



#23247: Communicating security expectations for .onion: what to say about different
padlock states for .onion services
--------------------------------------+--------------------------
 Reporter:  isabela                   |          Owner:  tbb-team
     Type:  project                   |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  ux-team                   |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by tom):

 From the meeting today:

 Icon Styles we can choose from. (You may need FF 58 to view these the way
 tjr sees them.)

     Green Padlock with EV Banner

     Green Onion with EV Banner


     Green Padlock: https://sha512.badssl.com/

     Green Onion


 The four above states indicate complete trust in the website. The EV
 Banner is used to convey identity information, to positive indicate you
 are talking to this specific *company* that operates this website.

     Green Padlock with warning - https://self-signed.badssl.com/ (used for
 excepted self-signed certs this one is WEIRD)


 This state is weird. We shouldn't need it. It indicates that while the
 connection is secure, the browser thought it might not be secure but you
 went and told the browser no really this is secure.

     Grey Padlock with warning - https://mixed.badssl.com/

     Grey Onion with warning


 These icons indicate that the website is mostly secure, but that there was
 a problem with the configuration. It could be better, but it's not
 INSECURE.

     Grey Padlock with Red Strikethrough - http://http-password.badssl.com/

     Grey onion with Red Strikethrough


 These icons indicate something is DEFINETLY INSECURE

     Grey Onion

     Grey Padlock


 These icons don't exist. We could make them, but we would need to define
 what they mean.

     Missing Entirely http://http.badssl.com/


 This is a legacy state. It's for HTTP. It's insecure because it's not
 actually secure, but we don't want to say it's insecure because we'd put
 it on so much of the web we'd scare users.




 ---------------

 I believe this table represents current thinking.

 {{{

     Onion over HTTP:                 ???????

     Onion with Self-Signed HTTPS:    ???????

     Onion with CA-Issused DV Cert:   Green Onion

     Onion with CA-Issused EV Cert:   Green Onion with EV Banner


     Mixed Content Scenarios:

     A HTTPS Site embeds onion:
        HTTPS Site with HTTP Onion Subresources:              Keeps
 Original Padlock (whether that was Green or w/ Warning or whatever)
        HTTPS Site with HTTPS Onion Subresources:             Keeps
 Original Padlock
        HTTPS Site with HTTPS Self-Signed Onion Subresources: Keeps
 Original Padlock


     An Onion embeds HTTP:
        HTTP Onion with HTTP Subresources:               Grey onion with
 Red Strikethrough
        HTTPS Onion with HTTP Subresources:              Grey onion with
 Red Strikethrough
        HTTPS Self Signed Onion with HTTP Subresources:  Grey onion with
 Red Strikethrough

     An onion embeds HTTPS:
        HTTP Onion with HTTPS Subresources:              ???????
        HTTPS Onion with HTTPS Subresources:             Green Onion (with
 EV Banner if EV certificate)
        HTTPS Self Signed Onion with HTTPS Subresources: Grey Onion with
 warning
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23247#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs