[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: HTTPS Everywhere Firefox addon

Thus spake Runa A. Sandvik (runa.sandvik@xxxxxxxxx):

> On Fri, May 28, 2010 at 4:34 AM, Mike Perry <mikeperry@xxxxxxxxxx> wrote:
> > The eventual idea is to allow an Adblock Plus style model, where users
> > can submit and exchange rule files and eventually create subscriptions
> > for the sites they use that partially support SSL.
> Have you seen https://crypto.stanford.edu/forcehttps/ ? (I haven't
> read the paper and I don't know much about it, but it might be worth a
> look).

Yeah, this addon doesn't have a UI. It was a research implementation
of the server-specified STS protocol (and the original source of this
idea), which allows servers to specify the browser use HTTPS for
certain paths. Our code is based on the NoScript implementation of
STS, which was also amenable to creating rules.


Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgppzLMj2O6wx.pgp
Description: PGP signature