[tor-bugs] #23247 [Applications/Tor Browser]: Communicating security expectations for .onion: what to say about different padlock states for .onion services
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Dec 18 15:02:16 UTC 2017
#23247: Communicating security expectations for .onion: what to say about different
padlock states for .onion services
--------------------------------------+--------------------------
Reporter: isabela | Owner: tbb-team
Type: project | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ux-team | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by tom):
Replying to [comment:24 asn]:
> Replying to [comment:23 tom]:
> > I spoke with Mozilla's crypto engineering team - they're not aware of
any padlock deprecation, so I think the design guide is a separate thing.
>
> ACK thanks for asking. That's good. This means we can continue
considering onions in the URL bar.
>
> BTW, you guys that are at All Hands this week, would you be able to
figure out the tradeoffs about onion color on HTTP vs self-signed HTTPS?
There is a debate in the end of the pad that might help you. All Hands
seems like a good place to figure this debate out!
I talked to a few people there, but didn't take a big survey. Trend seems
to be that positive indicators are 'blah' and we should move to only
negative indicators and in a positive state show nothing.
Another vote, separate from that discussion, was a very strong 'no
positive indicator for .onion'
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23247#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list