[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13410 [Tor Browser]: Disable self-signed certificate warnings when visiting .onion sites

Subject: Re: [tor-bugs] #13410 [Tor Browser]: Disable self-signed certificate warnings when visiting .onion sites
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 16 May 2015 04:08:27 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 16 May 2015 00:08:36 -0400
In-reply-to: <043.59c16eed50781931c8558354916f09ba@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.59c16eed50781931c8558354916f09ba@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#13410: Disable self-signed certificate warnings when visiting .onion sites
-----------------------------+----------------------
     Reporter:  tom          |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+----------------------

Comment (by vynX):

 Yes, I was about to open the same feature enhancement request. The
 addresses of hidden services are a much stronger guarantee of authenticity
 than any damn certificate. It is completely irrelevant which certificate
 the website is offering and in fact it apparently takes special bribing to
 have a valid cert issued for an .onion although there is no reason for
 that. CAs could give out onion certs with zero checks since only the owner
 of the private key can make any use of it.

 Please make use of the technological advantages of Tor. Don't let legacy
 crap impede us from fully enjoying end-to-end TLS (which is relevant when
 your Tor router isn't the same machine as your Tor browser).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13410#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #13429 [Tor Browser]: Can't add exception for unverified SSL certificates in Tor Browser 4.0-alpha-3
Next by Author: Re: [tor-bugs] #14087 [Tor Browser]: Tor Browser needs an "Automatic Proxy Configuration Script" option
Previous by thread: Re: [tor-bugs] #13429 [Tor Browser]: Can't add exception for unverified SSL certificates in Tor Browser 4.0-alpha-3
Next by thread: Re: [tor-bugs] #13410 [Tor Browser]: Disable self-signed certificate warnings when visiting .onion sites
Index(es):
- Author
- Thread