[cabfpub] Ballot 144 -.onion domains
Tom Ritter
tom at ritter.vg
Fri Feb 13 19:38:28 UTC 2015
On 13 February 2015 at 13:25, kirk_hall at trendmicro.com
<kirk_hall at trendmicro.com> wrote:
> Maybe you're right on that point, Gerv.
>
> One other question: Does Tor do revocation checking for .onion certs? I'm guessing not for privacy reasons... I know some browsers have given up some revocation checking (a mistake in my opinion), but if we know an application never checks for revocation as a matter of policy, that would concern me. There would be no way to remove a bad cert (used for fraud or abuse, or misissued to the wrong party) from the Tor system, even if the CA revokes it.
I do not believe that Tor Browser edits Firefox's configuration for
revocation.
I expected to see something here:
https://gitweb.torproject.org/tor-browser.git/tree/browser/app/profile/000-tor-browser.js?h=tor-browser-31.4.0esr-4.5-1
- but the absence and other bug reports I've seen make me believe it's
left as the default.
-tom
More information about the Public
mailing list