#18252: Ask DuckDuckGo to add its .onion into HTTPS certificate and change
schema
in the search plugin to HTTPS
--------------------------------------+-----------------
Reporter: cypherpunks | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: - Select a component | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Sponsor:
--------------------------------------+-----------------
Because .onions are not self-authenticating (it can be a backdoor by Tor
developers), anyone with enough computational power can make MiTM. The
temporary solution is to use HTTPS even on .onions.
DDG allows you to connect via HTTPS to their .onion, though they don't
have .onion name in their HTTPS certificate, which causes
ssl_error_bad_cert_domain errors.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18252>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
