[tor-dev] SOOC (Same Origin Onion Certificates) discussion tomorrow

Richard Pospesel richard at torproject.org
Mon Mar 9 20:10:01 UTC 2020


Hi Everyone,

The current UX situation around HTTPS-enabled onionsites is not the
best: Tor Browser shows security warning splash screens and icons in
scenarios that do not warrant them. On top of that, the only way for
your onion site to not show these warnings is by getting an EV cert
which is only practical if you have the $$$.

alecmuffet's SOOC proposal (
https://github.com/alecmuffett/onion-dv-certificate-proposal/blob/master/text/draft-muffett-same-origin-onion-certificates.txt
) does seem to fix these UX problems for us. Though the proposal is
still incomplete, we can make forward progress with a prototype
implementation as the certificate specification is fully fleshed out.

We'll be talking about this tomorrow during the Sponsor 27 meeting
tomorrow on Tuesday 10th May @ 1500UTC in #tor-meeting. Please feel free
to come by if you wish to discuss.

best,
-Richard

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20200309/13be83c6/attachment.sig>


More information about the tor-dev mailing list