[tbb-bugs] #23247 [Applications/Tor Browser]: Communicating security expectations for .onion: what to say about different padlock states for .onion services

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed May 23 20:01:41 UTC 2018 

#23247: Communicating security expectations for .onion: what to say about different
padlock states for .onion services
-------------------------------------------------+-------------------------
 Reporter:  isabela                              |          Owner:
                                                 |  pospeselr
     Type:  project                              |         Status:
                                                 |  needs_revision
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ux-team, tor-hs,                     |  Actual Points:
  TorBrowserTeam201805                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):

 * keywords:  ux-team, tor-hs, TorBrowserTeam201805R => ux-team, tor-hs,
     TorBrowserTeam201805
 * status:  needs_review => needs_revision


Comment:

 Replying to [comment:53 pospeselr]:
 > Ok, updated patch with both gk and mcs's feedback and fixed the word
 wrapping.  That's what I get for assuming my text editor's word wrap
 functionality would just work the way I expected it to.
 >
 > gk: The _sslStatus != null check is required because now, the _isSecure
 check will be true for .onion domains, even if they are lacking a
 certificate.  Without that check, we'd be doing certificate related
 operations for HTTP onions.

 Yeah, that's what I assumed. The fixups look good, thanks. Two things
 remain:

 1) Please cut the subject line of your commit message. "Bug 23247:
 Communicating security expectations for .onion" is a fine subject.
 2) There is still the localization issue of the hardcoded strings on the
 Page Info dialog.

 I think there is no need to fix that for the ESR52-codebase, rather those
 could be addressed for ESR60.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23247#comment:60>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list