[tor-bugs] #13410 [Tor Browser]: Disable self-signed certificate warnings when visiting .onion sites
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon May 18 14:35:45 UTC 2015
#13410: Disable self-signed certificate warnings when visiting .onion sites
-----------------------------+----------------------
Reporter: tom | Owner: tbb-team
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+----------------------
Comment (by vynX):
Browsers must not attempt to resolve .onion via DNS. If that is a given,
then MITM attempts using DNS + fake .onion certificates while there is no
Tor onion involved at all are incapable of succeeding. So the work to be
done is to get all browser vendors to implement .onion in a failsafe way.
I believe @ioerror's and @grothoff's IETF drafts for .onion TLD mention
that... it's also important that .onion isn't the only pseudo-TLD that
gets excluded from the X.509 monstrosity since we don't want to get stuck
on .onion for all times.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13410#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list