[tor-bugs] #21321 [Applications/Tor Browser]: .onion HTTP is shown as non-secure in Tor Browser
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jul 19 17:32:13 UTC 2017
#21321: .onion HTTP is shown as non-secure in Tor Browser
-------------------------------------------------+-------------------------
Reporter: cypherpunks | Owner: tbb-
| team
Type: task | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Blocker | Resolution:
Keywords: ff52-esr, tbb-7.0-issues, tbb- | Actual Points:
usability, ux-team, TorBrowserTeam201707, |
GeorgKoppen201707 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by cypherpunks):
Replying to [comment:14 yawning]:
> As massively flawed and totally horrible as the CA system is, having a
CA signed TLS cert serves to bind the address to an external identity.
`.onion` address do not have this property. What assurance is there that
the address a user is entering their credentials to is the correct one?
The secure padlock only means that the stuff in transit is secure, it has
absolutely no relevance to whether we're talking to Satan or RiseUp. EV
certs are what one should look at if they want to make sure they're
talking to the right organization.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21321#comment:43>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list