Opened 13 months ago

Last modified 7 months ago

#31899 new task

Hook .onion with URI_IS_POTENTIALLY_TRUSTWORTHY?

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: TorBrowserTeam202006
Cc: Actual Points:
Parent ID: #21728 Points: 2.5
Reviewer: Sponsor: Sponsor27

Description (last modified by gk)

There is the idea that the check whether a particular origin is trustworthy should consider the URI flags. We should think about how that fits into our particular model of declaring .onions to a potentially trustworthy origin.

See: https://bugzilla.mozilla.org/show_bug.cgi?id=1328695.

Child Tickets

Change History (8)

comment:1 Changed 12 months ago by gk

Description: modified (diff)

comment:2 Changed 12 months ago by sysrqb

Keywords: TorBrowserTeam202001 added

comment:3 Changed 11 months ago by pili

Sponsor: Sponsor27

comment:4 Changed 11 months ago by pili

Points: 2.5

comment:5 Changed 10 months ago by sysrqb

For context, the spec describes this as "A potentially trustworthy origin is one which a user agent can generally trust as delivering data securely".

This includes authenticated and encrypted channels, such as schemes https and wss. This also includes "internal" channels such as local resource, file, and about.

Considering our work on elevating the security of URLs with the .onion TLD within the browser, I think we can reasonably argue loading a .onion URL as a secure context (and therefore adding the URI flag).

comment:6 Changed 9 months ago by pili

Keywords: TorBrowserTeam202002 added; TorBrowserTeam202001 removed

Moving tickets to February

comment:7 Changed 8 months ago by pili

Keywords: TorBrowserTeam202003 added; TorBrowserTeam202002 removed

We are no longer in February, moving tickets

comment:8 Changed 7 months ago by sysrqb

Keywords: TorBrowserTeam202006 added; TorBrowserTeam202003 removed

Move tickets to 2020 June

Note: See TracTickets for help on using tickets.