[tor-bugs] #13410 [Applications/Tor Browser]: Disable self-signed certificate warnings when visiting .onion sites
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 21 07:19:32 UTC 2018
#13410: Disable self-signed certificate warnings when visiting .onion sites
--------------------------------------+--------------------------
Reporter: tom | Owner: tbb-team
Type: defect | Status: reopened
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ux-team | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by cypherpunks):
@pastly
Your argument is not valid at all, because you're saying onion is MITMed
somehow.
.onion is secure. If it's not secure, then why the Tor Project ignore
mixed content for .onions?
If HTTP .onion is not secure, you should verify each connection.
HTTP .onion is secure >> then >> HTTPS .onion shall be secured because
cert data is transported via HTTP channel.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13410#comment:23>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list