#23247: Communicating security expectations for .onion: what to say about
different
padlock states for .onion services
--------------------------------------+--------------------------
Reporter: isabela | Owner: tbb-team
Type: project | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ux-team | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by tom):
Replying to [comment:24 asn]:
> Replying to [comment:23 tom]:
> > I spoke with Mozilla's crypto engineering team - they're not aware of
any padlock deprecation, so I think the design guide is a separate thing.
>
> ACK thanks for asking. That's good. This means we can continue
considering onions in the URL bar.
>
> BTW, you guys that are at All Hands this week, would you be able to
figure out the tradeoffs about onion color on HTTP vs self-signed HTTPS?
There is a debate in the end of the pad that might help you. All Hands
seems like a good place to figure this debate out!
I talked to a few people there, but didn't take a big survey. Trend seems
to be that positive indicators are 'blah' and we should move to only
negative indicators and in a positive state show nothing.
Another vote, separate from that discussion, was a very strong 'no
positive indicator for .onion'
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23247#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
