#23247: Communicating security expectations for .onion: what to say about different padlock states for .onion services --------------------------------------+-------------------------- Reporter: isabela | Owner: tbb-team Type: project | Status: new Priority: Medium | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: ux-team | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: --------------------------------------+-------------------------- Description changed by linda:
Old description: > Firefox (and other browsers) have created a set of states a site can have > in relationship with ssl certificates, and how to communicate that to the > user. > > Tor Browser has a particular state related to the padlock at the toolbar > when it comes to .onion services. > > This is something that was discussed under this ticket: > > https://trac.torproject.org/projects/tor/ticket/21321 > > Based on that discussion, we decided that the best solution would be > treat .onion sites different when we are communicating these states for > .onion sites at Tor Browser. > > The work on this ticket is to map all the current states Firefox has for > ssl certificates on the padlock, and from there start to build a new way > to communicate these states when they are related to a .onion sites. > > We start mapping them here: > > https://docs.google.com/document/d/1KHkj2DpmFMB0mjHEfehD5ztY2L0lQzKNtZqct1TXbmg/edit > > Is still pending the most difficult part of the work, which is to define > what to do for .onion sites on those states. New description: = Background = Firefox (and other browsers) have created a set of states a site can have in relationship with ssl certificates, and how to communicate that to the user. Currently, Tor Browser doesn't communicate ideally to users that visit onion sites--i.e. http + onion looks really scary with lots of warnings! This is something that was discussed under #21321. We then realized that we should look at all the different state + .onion combinations, and carefully communicate what these mean to the user. = Objective = The work on this ticket is to map all the current states Firefox has for ssl certificates on the padlock, and from there start to build a new way to communicate these states when they are related to a .onion sites. We started mapping them here: https://docs.google.com/document/d/1KHkj2DpmFMB0mjHEfehD5ztY2L0lQzKNtZqct1TXbmg/edit Is still pending the most difficult part of the work, which is to define what to do for .onion sites on those states. -- -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23247#comment:3> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs