[cabfpub] Ballot 144 -.onion domains

Tom Ritter tom at ritter.vg
Fri Feb 13 19:38:28 UTC 2015


On 13 February 2015 at 13:25, kirk_hall at trendmicro.com
<kirk_hall at trendmicro.com> wrote:
> Maybe you're right on that point, Gerv.
>
> One other question:   Does Tor do revocation checking for .onion certs?  I'm guessing not for privacy reasons...  I know some browsers have given up some revocation checking (a mistake in my opinion), but if we know an application never checks for revocation as a matter of policy, that would concern me.  There would be no way to remove a bad cert (used for fraud or abuse, or misissued to the wrong party) from the Tor system, even if the CA revokes it.


I do not believe that Tor Browser edits Firefox's configuration for
revocation.

I expected to see something here:
https://gitweb.torproject.org/tor-browser.git/tree/browser/app/profile/000-tor-browser.js?h=tor-browser-31.4.0esr-4.5-1
- but the absence and other bug reports I've seen make me believe it's
left as the default.

-tom



More information about the Public mailing list