[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13410 [Applications/Tor Browser]: Disable self-signed certificate warnings when visiting .onion sites

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #13410 [Applications/Tor Browser]: Disable self-signed certificate warnings when visiting .onion sites
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 21 Jun 2018 07:19:32 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 21 Jun 2018 03:19:43 -0400
In-reply-to: <043.59c16eed50781931c8558354916f09ba@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.59c16eed50781931c8558354916f09ba@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#13410: Disable self-signed certificate warnings when visiting .onion sites
--------------------------------------+--------------------------
 Reporter:  tom                       |          Owner:  tbb-team
     Type:  defect                    |         Status:  reopened
 Priority:  Very High                 |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  ux-team                   |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by cypherpunks):

 @pastly

 Your argument is not valid at all, because you're saying onion is MITMed
 somehow.
 .onion is secure. If it's not secure, then why the Tor Project ignore
 mixed content for .onions?

 If HTTP .onion is not secure, you should verify each connection.
 HTTP .onion is secure >> then >> HTTPS .onion shall be secured because
 cert data is transported via HTTP channel.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13410#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #26398 [Core Tor/Tor]: feature gate testing C code from Rust for now
Next by Author: Re: [tor-bugs] #10755 [Community/Tor Support]: Provide support through webchat
Previous by thread: Re: [tor-bugs] #13410 [Applications/Tor Browser]: Disable self-signed certificate warnings when visiting .onion sites
Next by thread: Re: [tor-bugs] #13410 [Applications/Tor Browser]: Disable self-signed certificate warnings when visiting .onion sites
Index(es):
- Author
- Thread