[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Avoiding HTTPS pitfalls [was: Re: Moxie Marlinspike]

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Avoiding HTTPS pitfalls [was: Re: Moxie Marlinspike]
From: Arjan <n6bc23cpcduw@xxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 23 Feb 2009 21:29:33 +0100
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Mon, 23 Feb 2009 15:29:37 -0500
In-reply-to: <4ef5fec60902231119s2cccd1bcwdfb3313046b2a988@xxxxxxxxxxxxxx>
References: <4ef5fec60902231119s2cccd1bcwdfb3313046b2a988@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.19 (X11/20090105)

coderman wrote:
> On Thu, Feb 19, 2009 at 4:17 AM, Erilenz <erilenz@xxxxxxxxx> wrote:
>> ...
[...]
>> I wonder if something could/should be built into TorButton to force a list of
>> commonly used services to go entirely over https? Eg any request for
>> ^http://mail\.google\.com/.*$
> 
> a plugin to enforce secure cookies and https only operation for some
> domains would be useful.  i don't know of any that do this kind of
> thing yet...

Noscript has some options (Options, Advanced, HTTPS) that may help.
Disclaimer: I've not used these options and I don't know if it's secure.

Follow-Ups:
- Re: Avoiding HTTPS pitfalls [was: Re: Moxie Marlinspike]
  - From: coderman

References:
- Avoiding HTTPS pitfalls [was: Re: Moxie Marlinspike]
  - From: coderman

Prev by Author: Re: aes performance
Next by Author: Re: Tor-ramdisk 20090131 is out
Previous by thread: Re: Avoiding HTTPS pitfalls [was: Re: Moxie Marlinspike]
Next by thread: Re: Avoiding HTTPS pitfalls [was: Re: Moxie Marlinspike]
Index(es):
- Author
- Thread