[tbb-bugs] #21321 [Applications/Tor Browser]: .onion HTTP is shown as non-secure in Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jun 26 04:50:20 UTC 2017

#21321: .onion HTTP is shown as non-secure in Tor Browser
 Reporter:  cypherpunks                          |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:  new
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Blocker                              |     Resolution:
 Keywords:  ff52-esr, tbb-usability, ux-team,    |  Actual Points:
  TorBrowserTeam201706                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:

Comment (by yawning):

 Replying to [comment:31 mrphs]:
 > That decision has a very clear message, and that is to Mozilla that
 .onion users aren't supposed to use Firefox for their business and they
 should stick to Tor Browser.

 What?  The only thing that signals is "Mozilla gives lip service to an
 RFC", and "Firefox as an application does not implement the Tor protocol"
 (RFC 7686).  Nothing more, nothing less.

 > We're fixing a problem of not seeing an update coming and thinking what
 it means for our users.

 What you're proposing is blurring the line between a CA cert signed site
 over TLS, and `.onion`, which isn't something that should be done lightly.
 "The problem of having reactionary UX instead of a pro-active one.".

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21321#comment:32>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list