Open tildelowengrimm opened 5 years ago
Relevant Tor Browser discussion: https://trac.torproject.org/projects/tor/ticket/23247
Why is this marked as P4? It definitely blocks the ability to use the subtle crypto API on onion sites which is pretty limiting. Especially since SSL certs are onerous to set up and in this case unnecesary, since onions are self authenticating.
Bump - would really like to use Brave more, but this is a major blocker for me and I know I'm not alone. Any updates?
2nd annual bump - this issue seems to get mentioned a lot, any traction?
Yeah this feels like it'd be a small change, I know there was a branch for it a while back. Maybe if the maintainers had some advice on how to tackle this as an outside contributor that could be really helpful for anyone watching this thread.
I literally have to stop using Brave because of this issue. Please address it!
My service is impacted by this issue and it is forcing me to recommend the Tor browser over Brave, which I would prefer not to.
Tor onion services don't have an HTTPS transport. But the onion services protocol provides more substantial confidentiality, integrity, and authenticity guarantees than HTTPS (in addition to anonymity). We should treat these connections as at least as secure as HTTPS origins, and provide an appropriate connection status indicator.