#23247: Communicating security expectations for .onion: what to say about
different
padlock states for .onion services
-------------------------------------------+--------------------------
Reporter: isabela | Owner: tbb-team
Type: project | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ux-team, TorBrowserTeam201804 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------+--------------------------
Comment (by dmr):
Replying to [comment:36 cypherpunks]:
> FWIW it's important to keep this timeline in mind especially the coming
deprecation of the lock icon (2019) for HTTPS https://blog.cloudflare.com
/https-or-bust-chromes-plan-to-label-sites-as-not-secure/
>
> > 1. Google will announce the lock icon’s demise in 2018 and remove it
in January 2019 with the release of Chrome 72
Just to place the quote into context:
This is a //guess/prediction// by CloudFlare. That Chrome will eventually
deprecate the lock icon seems to be part of their rough plan from 2014,
but there is no set timeframe indicated in the article. (Still good to
keep in mind, however.)
> Chris Palmer's [[https://groups.google.com/a/chromium.org/forum/#!topic
/blink-dev/DHQLv76QaEM%5B1-25%5D|email to blink-dev]] in 2014 included
this "strawman proposal" for introducing negative indicators and phasing
out the marking of secure origins entirely:
>
>> Secure > 65%: Non-secure origins marked as Dubious
>> Secure > 75%: Non-secure origins marked as Non-secure
>> Secure > 85%: Secure origins unmarked
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23247#comment:38>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
