#21321: .onion HTTP is shown as non-secure in Tor Browser -------------------------------------------------+------------------------- Reporter: cypherpunks | Owner: tbb- | team Type: task | Status: new Priority: High | Milestone: Component: Applications/Tor Browser | Version: Severity: Blocker | Resolution: Keywords: ff52-esr, tbb-7.0-issues, tbb- | Actual Points: usability, ux-team, TorBrowserTeam201707, | GeorgKoppen201707 | Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------------+-------------------------
Comment (by cypherpunks): Replying to [comment:14 yawning]: > As massively flawed and totally horrible as the CA system is, having a CA signed TLS cert serves to bind the address to an external identity. `.onion` address do not have this property. What assurance is there that the address a user is entering their credentials to is the correct one? The secure padlock only means that the stuff in transit is secure, it has absolutely no relevance to whether we're talking to Satan or RiseUp. EV certs are what one should look at if they want to make sure they're talking to the right organization. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21321#comment:43> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs