[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] SOOC (Same Origin Onion Certificates) discussion tomorrow

Hi Everyone,

The current UX situation around HTTPS-enabled onionsites is not the
best: Tor Browser shows security warning splash screens and icons in
scenarios that do not warrant them. On top of that, the only way for
your onion site to not show these warnings is by getting an EV cert
which is only practical if you have the $$$.

alecmuffet's SOOC proposal (
https://github.com/alecmuffett/onion-dv-certificate-proposal/blob/master/text/draft-muffett-same-origin-onion-certificates.txt
) does seem to fix these UX problems for us. Though the proposal is
still incomplete, we can make forward progress with a prototype
implementation as the certificate specification is fully fleshed out.

We'll be talking about this tomorrow during the Sponsor 27 meeting
tomorrow on Tuesday 10th May @ 1500UTC in #tor-meeting. Please feel free
to come by if you wish to discuss.

best,
-Richard

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev