#23247: Communicating security expectations for .onion: what to say about different padlock states for .onion services -------------------------------------------------+------------------------- Reporter: isabela | Owner: | pospeselr Type: project | Status: | needs_revision Priority: High | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: ux-team, tor-hs, | Actual Points: TorBrowserTeam201805 | Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------------+-------------------------
Comment (by pospeselr): Ok, updated patch with both gk and mcs's feedback and fixed the word wrapping. That's what I get for assuming my text editor's word wrap functionality would just work the way I expected it to. gk: The _sslStatus != null check is required because now, the _isSecure check will be true for .onion domains, even if they are lacking a certificate. Without that check, we'd be doing certificate related operations for HTTP onions. mcs: The URI is already normalized (?) before it reaches any of this code. Had a similar concern with one of gk's patches awhile back :). -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23247#comment:53> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs