[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5686 [EFF-HTTPS Everywhere]: Many rules fail to initiate rewrite to https & some that do produce insecure sessions

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #5686 [EFF-HTTPS Everywhere]: Many rules fail to initiate rewrite to https & some that do produce insecure sessions
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Sun, 29 Apr 2012 17:35:41 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 29 Apr 2012 13:35:52 -0400
In-reply-to: <050.28065b2f3f36dc797f4ba11c243b839c@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <050.28065b2f3f36dc797f4ba11c243b839c@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5686: Many rules fail to initiate rewrite to https & some that do produce
insecure sessions
-------------------------------------+--------------------------------------
    Reporter:  torcoascor            |       Owner:  pde     
        Type:  defect                |      Status:  reopened
    Priority:  normal                |   Milestone:          
   Component:  EFF-HTTPS Everywhere  |     Version:          
  Resolution:                        |    Keywords:          
      Parent:                        |      Points:          
Actualpoints:                        |  
-------------------------------------+--------------------------------------

Comment(by torcoascor):

 Thanks for your response. I see my HTTPS Everywhere has been updated to
 2.0.3.  However, when I enter www.ibm.com/us/en I do not get a rewrite.
 What appears is the same as what was entered, www.ibm.com/us/en, and there
 is no identity verified in the FF Site Identity Button.

 With regard to the Symantec Ruleset. I had seen in the projects/https-
 everywhere.git/blob the following: [https-
 everywhere.git]/src/chrom/content/rules/Symantec.xml which led me to
 believe that extensive ruleset was in use. Though I now see the annotation
 "Fix various convergence integration & self-signing bugs" associated with
 it and I don't see a recognizable name for it in the HTTPS Everywhere
 control window.

 I ran 21 tests on 18 sites comparing the results between FF with HTTPS
 Everywhere 2.0.3 to Chrome without the beta HTTPS Everywhere. In addition
 to www.ibm.com/us/en I found the following failure on my system to
 rewrite:
 mcafee.com or www.mcafee.com/us/

 But in addition, where rewrites did appear to be correct such as
 nytimes.com to https://www.nytimes.com/, panasonic.com to
 https://www.panasonic.com/ and nokia.com https://www.nokia.com/us-en/ the
 FF Site Identity Button was greyed out indicating site not identified and
 no encrypted session established. Yet if I navigate to those rewritten
 urls using Chrome, the site identify is verified and encryption is present
 though content is mixed.

 I am still researching the possibility I have been infected or that my FF
 installation is corrupted or compromised. However, I have done a short
 version of the same tests on another workstation using www.ibm.com/us/en/
 and www.mcafee.com/us/. Results for ibm and mcafee are the same as on my
 workstation. However, entering www.mcafee.com produces www.mcafee.com/us/
 with the Site ID Button greyed out. Entering www.mcafee.com/us/ produces
 the same result www.mcafee.com/us/ with the Site ID Button greyed out.
 HOWEVER, entering www.mcafee.com/us [notice the final forward slash is
 missing] produces the same result www.mcafee.com/us/ but in this case the
 Site ID Button is blue and contains verified site and encryption
 information. I tried removing the final forward slash from the ibm string
 as www.ibm.com/us/en and www.ibm.com/us but both continue to fail to
 rewrite on both workstations and the Site ID Button is greyed out. For
 both the IBM and the McAfee sites entering the full form https:// url
 results in verified sites and encryption information using FF.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5686#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #5686 [EFF-HTTPS Everywhere]: Many rules fail to initiate rewrite to https & some that do produce insecure sessions
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #5696 [Tor Relay]: AESNI not in use with openssl 1.0.1 on tor 0.2.3.14-alpha
Next by Author: [tor-bugs] #5697 [TorBrowserButton]: Torbrowser crashing
Previous by thread: Re: [tor-bugs] #5686 [EFF-HTTPS Everywhere]: Many rules fail to initiate rewrite to https & some that do produce insecure sessions
Next by thread: Re: [tor-bugs] #5686 [EFF-HTTPS Everywhere]: Many rules fail to initiate rewrite to https & some that do produce insecure sessions
Index(es):
- Author
- Thread