[tor-bugs] #31899 [Applications/Tor Browser]: Hook .onion with URI_IS_POTENTIALLY_TRUSTWORTHY?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jan 13 21:56:24 UTC 2020
#31899: Hook .onion with URI_IS_POTENTIALLY_TRUSTWORTHY?
--------------------------------------+---------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: TorBrowserTeam202001 | Actual Points:
Parent ID: #21728 | Points: 2.5
Reviewer: | Sponsor: Sponsor27
--------------------------------------+---------------------------
Comment (by sysrqb):
For context, the [https://w3c.github.io/webappsec-secure-contexts/ spec]
describes this as "A potentially trustworthy origin is one which a user
agent can generally trust as delivering data securely".
This includes authenticated and encrypted channels, such as schemes
`https` and `wss`. This also includes "internal" channels such as local
`resource`, `file`, and `about`.
Considering our work on elevating the security of URLs with the `.onion`
TLD within the browser, I think we can reasonably argue loading a `.onion`
URL as a secure context (and therefore adding the URI flag).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31899#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list