[tor-bugs] #23247 [Applications/Tor Browser]: Communicating security expectations for .onion: what to say about different padlock states for .onion services
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Sep 6 13:18:23 UTC 2019
#23247: Communicating security expectations for .onion: what to say about different
padlock states for .onion services
-------------------------------------------------+-------------------------
Reporter: isabela | Owner:
| pospeselr
Type: project | Status: closed
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution: fixed
Keywords: ux-team, tor-hs, | Actual Points:
TorBrowserTeam201806R |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Description changed by antonela:
Old description:
> = Background =
>
> Firefox (and other browsers) have created a set of states a site can have
> in relationship with ssl certificates, and how to communicate that to the
> user.
>
> Currently, Tor Browser doesn't communicate ideally to users that visit
> onion sites--i.e. http + onion looks really scary with lots of warnings!
> This is something that was discussed under #21321. We then realized that
> we should look at all the different state + .onion combinations, and
> carefully communicate what these mean to the user.
>
> = Objective =
>
> The work on this ticket is to map all the current states Firefox has for
> ssl certificates on the padlock, and from there start to build a new way
> to communicate these states when they are related to a .onion sites. We
> started mapping them here:
>
> https://docs.google.com/document/d/1KHkj2DpmFMB0mjHEfehD5ztY2L0lQzKNtZqct1TXbmg/edit
>
> Is still pending the most difficult part of the work, which is to define
> what to do for .onion sites on those states.
New description:
= Background =
Firefox (and other browsers) have created a set of states a site can have
in relationship with ssl certificates, and how to communicate that to the
user.
Currently, Tor Browser doesn't communicate ideally to users that visit
onion sites--i.e. http + onion looks really scary with lots of warnings!
This is something that was discussed under #21321. We then realized that
we should look at all the different state + .onion combinations, and
carefully communicate what these mean to the user.
= Objective =
The work on this ticket is to map all the current states Firefox has for
ssl certificates on the padlock, and from there start to build a new way
to communicate these states when they are related to a .onion sites. We
started mapping them here:
https://docs.google.com/document/d/1KHkj2DpmFMB0mjHEfehD5ztY2L0lQzKNtZqct1TXbmg/edit
Is still pending the most difficult part of the work, which is to define
what to do for .onion sites on those states.
= Final Version =
https://docs.google.com/document/d/1bPrNLIl7Qy-
sA7aTfElu80Xk2eXzTfH_5BGTOUDK8XU/edit
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23247#comment:82>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list