[tor-bugs] #21877 [Applications/Tor Browser]: HTTP only onion services are marked as insecure in TBB ff52 nightly
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Apr 6 14:38:29 UTC 2017
#21877: HTTP only onion services are marked as insecure in TBB ff52 nightly
--------------------------------------+--------------------------
Reporter: blockflare | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by cypherpunks):
Replying to [comment:2 blockflare]:
> Replying to [comment:1 cypherpunks]:
> > Yes, HTTP is not HTTPS.
>
> But onion services are e2e encrypted, even if they don't have an EV
Cert, they should not be marked as insecure and as "Information you submit
could be viewed by others (like passwords, messages, credit cards,
etc.)".
FF marks it as an insecure HTTP, but this is really not obvious.
(Also your ticket seems to be a duplicate of some earlier tickets.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21877#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list