#23247: Communicating security expectations for .onion: what to say about
different
padlock states for .onion services
-------------------------------------------------+-------------------------
Reporter: isabela | Owner:
| pospeselr
Type: project | Status: closed
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution: fixed
Keywords: ux-team, tor-hs, | Actual Points:
TorBrowserTeam201806R |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Description changed by antonela:
Old description:
> = Background =
>
> Firefox (and other browsers) have created a set of states a site can have
> in relationship with ssl certificates, and how to communicate that to the
> user.
>
> Currently, Tor Browser doesn't communicate ideally to users that visit
> onion sites--i.e. http + onion looks really scary with lots of warnings!
> This is something that was discussed under #21321. We then realized that
> we should look at all the different state + .onion combinations, and
> carefully communicate what these mean to the user.
>
> = Objective =
>
> The work on this ticket is to map all the current states Firefox has for
> ssl certificates on the padlock, and from there start to build a new way
> to communicate these states when they are related to a .onion sites. We
> started mapping them here:
>
> https://docs.google.com/document/d/1KHkj2DpmFMB0mjHEfehD5ztY2L0lQzKNtZqct1TXbmg/edit
>
> Is still pending the most difficult part of the work, which is to define
> what to do for .onion sites on those states.
New description:
= Background =
Firefox (and other browsers) have created a set of states a site can have
in relationship with ssl certificates, and how to communicate that to the
user.
Currently, Tor Browser doesn't communicate ideally to users that visit
onion sites--i.e. http + onion looks really scary with lots of warnings!
This is something that was discussed under #21321. We then realized that
we should look at all the different state + .onion combinations, and
carefully communicate what these mean to the user.
= Objective =
The work on this ticket is to map all the current states Firefox has for
ssl certificates on the padlock, and from there start to build a new way
to communicate these states when they are related to a .onion sites. We
started mapping them here:
https://docs.google.com/document/d/1KHkj2DpmFMB0mjHEfehD5ztY2L0lQzKNtZqct1TXbmg/edit
Is still pending the most difficult part of the work, which is to define
what to do for .onion sites on those states.
= Final Version =
https://docs.google.com/document/d/1bPrNLIl7Qy-
sA7aTfElu80Xk2eXzTfH_5BGTOUDK8XU/edit
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23247#comment:82>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
