[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #9868 [EFF-HTTPS Everywhere]: Stop bundling rulesets with extension, download separately instead (like ABP)



#9868: Stop bundling rulesets with extension, download separately instead (like
ABP)
----------------------------------+---------------------
 Reporter:  micahlee              |          Owner:  pde
     Type:  enhancement           |         Status:  new
 Priority:  normal                |      Milestone:
Component:  EFF-HTTPS Everywhere  |        Version:
 Keywords:                        |  Actual Points:
Parent ID:  #9769                 |         Points:
----------------------------------+---------------------
 Right now HTTPS Everywhere is bundled with a the file
 src/chrome/content/rules/default.rulesets (~3.2mb), which is a a
 concatenated list of all the xml ruleset files.

 Instead we should act more like Adblock Plus, where the extension
 downloads the ruleset list on first install, and then regularly checks for
 updates. This is a prerequisite to #9769, so that we'll be able to release
 ruleset fixes without going through Mozilla's extension update approval
 process.

 Right now we use an air-gapped signing machine to sign xpi and crx
 packages. I think we should use this same key to sign ruleset updates,
 which would probably mean some sort of signature verification in
 javascript.

 There's also the question of where to host the ruleset updates. Right now
 the xpi file is hosted at https://www.eff.org/, but we're setting up a new
 server for #7075 to receive buggy ruleset reports. Would it make sense to
 use that server instead? There are privacy issues with making browsers
 load from an HTTPS-E specific domain name (ruleset updates can be
 censored), but I think it would be cleaner from a network architecture
 perspective, especially since EFF's website traffic is a different beast
 from HTTPS Everywhere update traffic.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9868>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs