#21321: .onion HTTP is shown as non-secure in Tor Browser -------------------------------------------------+------------------------- Reporter: cypherpunks | Owner: tbb- | team Type: task | Status: new Priority: High | Milestone: Component: Applications/Tor Browser | Version: Severity: Blocker | Resolution: Keywords: ff52-esr, tbb-usability, ux-team, | Actual Points: TorBrowserTeam201706 | Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------------+-------------------------
Comment (by cypherpunks): Replying to [comment:27 yawning]: > How is using a site over Tor through an exit, with a CA signed TLS cert any less secure than using an `onion` over HTTP. There's the risk of MiTM by the exit, or due to the flawed CA system itself - as happened in the past for Tor Project infrastructure with CA DigiNotar [1], in comparison with a 0 risk for a MiTM with onion services. [1] : https://blog.torproject.org/comment/12045 -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21321#comment:28> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs