[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #6485 [EFF-HTTPS Everywhere]: Default rules to off (or partial marked) for less than 100% https sites

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #6485 [EFF-HTTPS Everywhere]: Default rules to off (or partial marked) for less than 100% https sites
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Thu, 02 Aug 2012 23:36:26 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 02 Aug 2012 19:35:47 -0400
In-reply-to: <048.1407140d843c32d988e1f76e993da701@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <048.1407140d843c32d988e1f76e993da701@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#6485: Default rules to off (or partial marked) for less than 100% https sites
-------------------------------------+--------------------------------------
    Reporter:  grarpamp              |       Owner:  pde   
        Type:  defect                |      Status:  closed
    Priority:  major                 |   Milestone:        
   Component:  EFF-HTTPS Everywhere  |     Version:        
  Resolution:  wontfix               |    Keywords:        
      Parent:                        |      Points:        
Actualpoints:                        |  
-------------------------------------+--------------------------------------
Changes (by pde):

  * status:  new => closed
  * resolution:  => wontfix


Comment:

 The browser UI should indicate the difference between full HTTPS and mixed
 content.  Chrome still does this clearly, but Firefox has unfortunately
 moved in the wrong direction.  If you want to file a bugzilla bug calling
 for clearer HTTPS UI, please send the bug ID and we'll happily weigh in
 there :).

 In the mean time, I'm going to mark this WONTFIX.  Partial HTTPS can offer
 useful defenses against passive surveillance adversaries, so we want to
 keep it there.  Also, _some_ of the partial rulesets with <securecookie>
 tags offer genuine and significant protection even against active
 adversaries (though it depends on what type of content is loaded via HTTP,
 of course).

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6485#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #6524 [Tor Client]: [PATCH] move to non-recursive make
Next by Author: Re: [tor-bugs] #5785 [EFF-HTTPS Everywhere]: www.mail-archive.com https not working
Previous by thread: Re: [tor-bugs] #6441 [TorBirdy]: custom proxy settings lost after restart, user.js ignored
Next by thread: Re: [tor-bugs] #5785 [EFF-HTTPS Everywhere]: www.mail-archive.com https not working
Index(es):
- Author
- Thread