[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #23247 [Applications/Tor Browser]: Communicating security expectations for .onion: what to say about different padlock states for .onion services



#23247: Communicating security expectations for .onion: what to say about different
padlock states for .onion services
-------------------------------------------------+-------------------------
 Reporter:  isabela                              |          Owner:
                                                 |  pospeselr
     Type:  project                              |         Status:
                                                 |  needs_review
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ux-team, tor-hs,                     |  Actual Points:
  TorBrowserTeam201805R                          |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by pospeselr):

 Uploaded new version of patch against the esr60 gecko-dev branch as well
 as an updated esr52 version.  New version has better implemented detection
 of '_hasInsecureLoginForms'.  Relevant logic is piped down from
 nsGlobalWindow::ComputeIsSecureContext which now checks for
 nsContentUtils::HttpsStateIsModern as well as
 nsContentUtils::DocumentHasOnionURI.

 Will be running my ESR60 patch against the TrySerer tonight to see if this
 breaks anything.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23247#comment:63>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs