[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #24922 [- Select a component]: Misleading Help

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #24922 [- Select a component]: Misleading Help
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 17 Jan 2018 15:58:35 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 17 Jan 2018 10:58:48 -0500
In-reply-to: <049.50ebc813f8c003da6373210b57ec250d@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.50ebc813f8c003da6373210b57ec250d@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#24922: Misleading Help
----------------------------------------------+-------------------------
 Reporter:  RogerMont                         |          Owner:  (none)
     Type:  defect                            |         Status:  closed
 Priority:  Medium                            |      Milestone:
Component:  - Select a component              |        Version:
 Severity:  Normal                            |     Resolution:  invalid
 Keywords:  HTTPS,  Self-Signed Certificates  |  Actual Points:
Parent ID:                                    |         Points:
 Reviewer:                                    |        Sponsor:
----------------------------------------------+-------------------------

Comment (by RogerMont):

 Hello NickM.

 Onion Services (Hidden Services) are NOT end-to-end encrypted.  Did you
 read the description of the problem?

 The exit node does the final decryption.  If the onion service does not
 provide HTTPS, thinking it is unneeded, the user and onion service
 provider communication is completely visible to their respective exit
 node.

 I would change the text to be something like:

 Onion services using HTTPS should be preferred because the final
 communication between the user and the tor network is unencrypted.
 Connecting with an onion service without HTTPS will eventually allow
 others to discover your usernames, passwords, and any other sensitive
 information.  It is common for attackers to operate exit nodes to learn
 your personal information.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24922#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #24922 [- Select a component]: Misleading Help
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #24658 [Core Tor/Tor]: Split/refactor crypto.h into smaller separate modules
Next by Author: Re: [tor-bugs] #25056 [Applications/Tor Browser]: Tor browser sometimes hangup for a few seconds
Previous by thread: Re: [tor-bugs] #24922 [- Select a component]: Misleading Help
Next by thread: Re: [tor-bugs] #24922 [- Select a component]: Misleading Help
Index(es):
- Author
- Thread