[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #18252 [- Select a component]: Ask DuckDuckGo to add its .onion into HTTPS certificate and change schema in the search plugin to HTTPS
#18252: Ask DuckDuckGo to add its .onion into HTTPS certificate and change schema
in the search plugin to HTTPS
--------------------------------------+-----------------
Reporter: cypherpunks | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: - Select a component | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Sponsor:
--------------------------------------+-----------------
Because .onions are not self-authenticating (it can be a backdoor by Tor
developers), anyone with enough computational power can make MiTM. The
temporary solution is to use HTTPS even on .onions.
DDG allows you to connect via HTTPS to their .onion, though they don't
have .onion name in their HTTPS certificate, which causes
ssl_error_bad_cert_domain errors.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18252>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs