Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Treat HTTP onion services as secure origins #1135

Open
tildelowengrimm opened this issue Sep 15, 2018 · 7 comments
Open

Treat HTTP onion services as secure origins #1135

tildelowengrimm opened this issue Sep 15, 2018 · 7 comments
Assignees
@arthuredelstein
Labels
feature/tor OS/Desktop priority/P3 The next thing for us to work on. It'll ride the trains. QA/Yes release-notes/include

Comments

@tildelowengrimm
Copy link
Contributor

Tor onion services don't have an HTTPS transport. But the onion services protocol provides more substantial confidentiality, integrity, and authenticity guarantees than HTTPS (in addition to anonymity). We should treat these connections as at least as secure as HTTPS origins, and provide an appropriate connection status indicator.
@tildelowengrimm tildelowengrimm added feature/tor design A design change, especially one which needs input from the design team design/needs-mock-up needs-mockup A feature which needs design mockup to be implemented. labels Sep 15, 2018
@tildelowengrimm tildelowengrimm modified the milestones: 2.x Backlog, 1.x Backlog Sep 15, 2018
@tildelowengrimm tildelowengrimm added the priority/P4 Planned work. We expect to get to it "soon". label Oct 30, 2018
@rebron rebron removed this from the 1.x Backlog milestone Feb 7, 2019
@riastradh-brave
Copy link
Contributor

Relevant Tor Browser discussion: https://trac.torproject.org/projects/tor/ticket/23247

riastradh-brave added a commit to brave/brave-core that referenced this issue May 10, 2019
@riastradh-brave
WIP: Treat .onion domains as secure origins through Tor.
6d5cbf5 
fix brave/brave-browser#1135
@riastradh-brave riastradh-brave mentioned this issue May 10, 2019
Closed
28 tasks
riastradh-brave added a commit to brave/brave-core that referenced this issue May 24, 2019
@riastradh-brave
WIP: Treat .onion domains as secure origins through Tor.
a134338 
fix brave/brave-browser#1135
riastradh-brave added a commit to brave/brave-core that referenced this issue Jun 19, 2019
@riastradh-brave
WIP: Treat .onion domains as secure origins through Tor.
50a048f 
fix brave/brave-browser#1135
@ProofOfKeags
Copy link

Why is this marked as P4? It definitely blocks the ability to use the subtle crypto API on onion sites which is pretty limiting. Especially since SSL certs are onerous to set up and in this case unnecesary, since onions are self authenticating.

@IstoraMandiri IstoraMandiri mentioned this issue Feb 11, 2021
Open
@kn0wmad
Copy link

kn0wmad commented Jun 16, 2021

Bump - would really like to use Brave more, but this is a major blocker for me and I know I'm not alone. Any updates?

@kejsitake kejsitake mentioned this issue Jul 20, 2021
Closed
This was referenced Sep 2, 2021
Closed
Closed
Closed
@Tonev Tonev mentioned this issue Sep 3, 2021
Closed
This was referenced Sep 3, 2021
Closed
Closed
Closed
Closed
Closed
@ygoe ygoe mentioned this issue Sep 5, 2021
Closed
@UjCbFwtBayFM UjCbFwtBayFM mentioned this issue Sep 6, 2021
Closed
@tallpants tallpants mentioned this issue Sep 7, 2021
Open
@stephendonner stephendonner mentioned this issue Sep 13, 2021
Closed
@ghost ghost mentioned this issue Sep 14, 2021
Closed
@DefiDebauchery DefiDebauchery mentioned this issue Sep 14, 2021
Open
@FWangZil FWangZil mentioned this issue Sep 14, 2021
Closed
@LanceTrahan LanceTrahan mentioned this issue Sep 15, 2021
Closed
This was referenced Sep 20, 2021
Closed
Closed
Closed
Closed
@rewolf rewolf mentioned this issue Oct 7, 2021
Open
@fmarier fmarier mentioned this issue Nov 10, 2021
Draft
This was referenced Mar 31, 2022
Open
Open
Closed
@kn0wmad
Copy link

kn0wmad commented Jul 24, 2022
edited
Loading

2nd annual bump - this issue seems to get mentioned a lot, any traction?

@ProofOfKeags
Copy link

Yeah this feels like it'd be a small change, I know there was a branch for it a while back. Maybe if the maintainers had some advice on how to tackle this as an outside contributor that could be really helpful for anyone watching this thread.

@diracdeltas diracdeltas added priority/P3 The next thing for us to work on. It'll ride the trains. and removed priority/P4 Planned work. We expect to get to it "soon". design A design change, especially one which needs input from the design team design/needs-mock-up needs-mockup A feature which needs design mockup to be implemented. labels Oct 11, 2022
@kdenhartog kdenhartog mentioned this issue Oct 12, 2022
Merged
25 tasks
@ffejb
Copy link

ffejb commented Jan 12, 2023

I literally have to stop using Brave because of this issue. Please address it!

@jaw-sh
Copy link

jaw-sh commented Apr 25, 2023

My service is impacted by this issue and it is forcing me to recommend the Tor browser over Brave, which I would prefer not to.

@arthuredelstein arthuredelstein self-assigned this May 1, 2023
@arthuredelstein arthuredelstein mentioned this issue May 2, 2023
Merged
25 tasks
@fmarier fmarier mentioned this issue Oct 19, 2023
Open
@arthuredelstein arthuredelstein mentioned this issue Oct 19, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@arthuredelstein arthuredelstein

Labels
feature/tor OS/Desktop priority/P3 The next thing for us to work on. It'll ride the trains. QA/Yes release-notes/include
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

WIP: Treat .onion domains as secure origins through Tor. brave/brave-core
9 participants
@arthuredelstein @diracdeltas @tildelowengrimm @ProofOfKeags @rebron @jaw-sh @ffejb @riastradh-brave @kn0wmad