[tbb-bugs] #23247 [Applications/Tor Browser]: Communicating security expectations for .onion: what to say about different padlock states for .onion services

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 18 00:03:09 UTC 2018


#23247: Communicating security expectations for .onion: what to say about different
padlock states for .onion services
-------------------------------------------+--------------------------
 Reporter:  isabela                        |          Owner:  tbb-team
     Type:  project                        |         Status:  new
 Priority:  High                           |      Milestone:
Component:  Applications/Tor Browser       |        Version:
 Severity:  Normal                         |     Resolution:
 Keywords:  ux-team, TorBrowserTeam201804  |  Actual Points:
Parent ID:                                 |         Points:
 Reviewer:                                 |        Sponsor:
-------------------------------------------+--------------------------

Comment (by dmr):

 Replying to [comment:36 cypherpunks]:
 > FWIW it's important to keep this timeline in mind especially the coming
 deprecation of the lock icon (2019) for HTTPS https://blog.cloudflare.com
 /https-or-bust-chromes-plan-to-label-sites-as-not-secure/
 >
 > > 1. Google will announce the lock icon’s demise in 2018 and remove it
 in January 2019 with the release of Chrome 72

 Just to place the quote into context:
 This is a //guess/prediction// by CloudFlare. That Chrome will eventually
 deprecate the lock icon seems to be part of their rough plan from 2014,
 but there is no set timeframe indicated in the article. (Still good to
 keep in mind, however.)

 > Chris Palmer's [[https://groups.google.com/a/chromium.org/forum/#!topic
 /blink-dev/DHQLv76QaEM%5B1-25%5D|email to blink-dev]] in 2014 included
 this "strawman proposal" for introducing negative indicators and phasing
 out the marking of secure origins entirely:
 >
 >> Secure > 65%: Non-secure origins marked as Dubious
 >> Secure > 75%: Non-secure origins marked as Non-secure
 >> Secure > 85%: Secure origins unmarked

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23247#comment:38>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list