[tor-bugs] #15988 [Applications/Tor Browser]: Update Tor Browser design documentation for 6.5

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Mar 2 08:27:09 UTC 2017


#15988: Update Tor Browser design documentation for 6.5
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  gk
     Type:  task                                 |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  GeorgKoppen201702, tbb-spec,         |  Actual Points:
  TorBrowserTeam201703R                          |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 Replying to [comment:51 cypherpunks]:
 > Well, it's hard to determine whether this spec is about the design goals
 or already implemented features only. So, should feedback be about design
 decisions or about current features only? Thus, let's start with both.

 It's about both in our spec. How can we make that more clear?

 > Tor Browser user needs better handling of https sites, because now
 > > the fact that he's wrong to think that closed padlock assures 100% of
 security.
 > https://wiki.mozilla.org/CA:OCSP-HardFail
 > > we don't do OCSP fetching for intermediates unless the user configures
 several things in about:config.
 > https://bugzilla.mozilla.org/show_bug.cgi?id=803582
 > > firefox doesn't warn the user if SSL certificate lacks revocation
 checking info
 > https://bugzilla.mozilla.org/show_bug.cgi?id=496661

 I think these things are good ones getting fixed upstream. In which
 section in our design document would they fit?

 > In the Security Slider section description of Medium Settings mentions
 that {{{media.webaudio.enabled}}} is used, but it was removed from the
 Firefox codebase long ago.

 That's actually not a spec bug (yet) as we are setting this on the medium
 level. That said, I opened #21601 to get that fixed.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15988#comment:52>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list