[tbb-bugs] #21321 [Applications/Tor Browser]: .onion HTTP is shown as non-secure in Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jul 19 17:32:13 UTC 2017

#21321: .onion HTTP is shown as non-secure in Tor Browser
 Reporter:  cypherpunks                          |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:  new
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Blocker                              |     Resolution:
 Keywords:  ff52-esr, tbb-7.0-issues, tbb-       |  Actual Points:
  usability, ux-team, TorBrowserTeam201707,      |
  GeorgKoppen201707                              |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:

Comment (by cypherpunks):

 Replying to [comment:14 yawning]:
 > As massively flawed and totally horrible as the CA system is, having a
 CA signed TLS cert serves to bind the address to an external identity.
 `.onion` address do not have this property.  What assurance is there that
 the address a user is entering their credentials to is the correct one?

 The secure padlock only means that the stuff in transit is secure, it has
 absolutely no relevance to whether we're talking to Satan or RiseUp. EV
 certs are what one should look at if they want to make sure they're
 talking to the right organization.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21321#comment:43>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list