Re: [tor-bugs] #23247 [Applications/Tor Browser]: Communicating security expectations for .onion: what to say about different padlock states for .onion services
#23247: Communicating security expectations for .onion: what to say about different
padlock states for .onion services
--------------------------------------+--------------------------
Reporter: isabela | Owner: tbb-team
Type: project | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ux-team | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by asn):
Replying to [comment:8 tom]:
> There's also the notion of showing different icons for self-signed
> .onion (grey onion?) vs DV-ca-signed .onion (green onion?)
Hm. Reason this idea is good:
- Will be easier for users to distinguish between real facebook onion
(DV-ca-signed green onion) and phishing facebook onion (self-signed grey
onion).
Reason this idea is bad:
- It basically gives no way for onion site operators to get the green
onion without paying the CA mafia.
How does Let's Encrypt blend into the above idea? Would it give a
green-onion or not? If yes, then phishers can just use a Let's Encrypt cert
to get the green onion anyway.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23247#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online