[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #23247 [Applications/Tor Browser]: Communicating security expectations for .onion: what to say about different padlock states for .onion services (was: creating padlock states for .onion services on tool bar)

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #23247 [Applications/Tor Browser]: Communicating security expectations for .onion: what to say about different padlock states for .onion services (was: creating padlock states for .onion services on tool bar)
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 17 Aug 2017 20:57:37 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 17 Aug 2017 16:57:48 -0400
In-reply-to: <047.3d2087c283c9a3bcb136247489b55559@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.3d2087c283c9a3bcb136247489b55559@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#23247: Communicating security expectations for .onion: what to say about different
padlock states for .onion services
--------------------------------------+--------------------------
 Reporter:  isabela                   |          Owner:  tbb-team
     Type:  project                   |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  ux-team                   |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------
Description changed by linda:

Old description:

> Firefox (and other browsers) have created a set of states a site can have
> in relationship with ssl certificates, and how to communicate that to the
> user.
>
> Tor Browser has a particular state related to the padlock at the toolbar
> when it comes to .onion services.
>
> This is something that was discussed under this ticket:
>
> https://trac.torproject.org/projects/tor/ticket/21321
>
> Based on that discussion, we decided that the best solution would be
> treat .onion sites different when we are communicating these states for
> .onion sites at Tor Browser.
>
> The work on this ticket is to map all the current states Firefox has for
> ssl certificates on the padlock, and from there start to build a new way
> to communicate these states when they are related to a .onion sites.
>
> We start mapping them here:
>
> https://docs.google.com/document/d/1KHkj2DpmFMB0mjHEfehD5ztY2L0lQzKNtZqct1TXbmg/edit
>
> Is still pending the most difficult part of the work, which is to define
> what to do for .onion sites on those states.

New description:

 = Background =

 Firefox (and other browsers) have created a set of states a site can have
 in relationship with ssl certificates, and how to communicate that to the
 user.

 Currently, Tor Browser doesn't communicate ideally to users that visit
 onion sites--i.e. http + onion looks really scary with lots of warnings!
 This is something that was discussed under #21321. We then realized that
 we should look at all the different state + .onion combinations, and
 carefully communicate what these mean to the user.

 = Objective =

 The work on this ticket is to map all the current states Firefox has for
 ssl certificates on the padlock, and from there start to build a new way
 to communicate these states when they are related to a .onion sites. We
 started mapping them here:

 https://docs.google.com/document/d/1KHkj2DpmFMB0mjHEfehD5ztY2L0lQzKNtZqct1TXbmg/edit

 Is still pending the most difficult part of the work, which is to define
 what to do for .onion sites on those states.

--

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23247#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #23247 [Applications/Tor Browser]: creating padlock states for .onion services on tool bar
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #23315 [Internal Services/Tor Sysadmin Team]: Please set up a Windows 10-64 QA machine for Tor Browser related things
Next by Author: Re: [tor-bugs] #9924 [Applications/Tor Browser]: Firefox bug - TBB queries the A record of the hostname of the machine it is running on.
Previous by thread: Re: [tor-bugs] #23247 [Applications/Tor Browser]: creating padlock states for .onion services on tool bar
Next by thread: Re: [tor-bugs] #23247 [Applications/Tor Browser]: Communicating security expectations for .onion: what to say about different padlock states for .onion services
Index(es):
- Author
- Thread