[tor-bugs] #18252 [- Select a component]: Ask DuckDuckGo to add its .onion into HTTPS certificate and change schema in the search plugin to HTTPS
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Feb 5 19:21:20 UTC 2016
#18252: Ask DuckDuckGo to add its .onion into HTTPS certificate and change schema
in the search plugin to HTTPS
--------------------------------------+-----------------
Reporter: cypherpunks | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: - Select a component | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Sponsor:
--------------------------------------+-----------------
Because .onions are not self-authenticating (it can be a backdoor by Tor
developers), anyone with enough computational power can make MiTM. The
temporary solution is to use HTTPS even on .onions.
DDG allows you to connect via HTTPS to their .onion, though they don't
have .onion name in their HTTPS certificate, which causes
ssl_error_bad_cert_domain errors.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18252>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list