[tor-bugs] #6485 [EFF-HTTPS Everywhere]: Default rules to off (or partial marked) for less than 100% https sites



#6485: Default rules to off (or partial marked) for less than 100% https sites
----------------------------------+-----------------------------------------
 Reporter:  grarpamp              |          Owner:  pde
     Type:  defect                |         Status:  new
 Priority:  major                 |      Milestone:     
Component:  EFF-HTTPS Everywhere  |        Version:     
 Keywords:                        |         Parent:     
   Points:                        |   Actualpoints:     
----------------------------------+-----------------------------------------
 Assuming a goal of HTTPS-E is to avoid exposing the general user to much
 risk, let us not enable by default rulesets which do not offer 100%
 encryption coverage of a site experience.

 A happy pretty green checkmark by a ruleset seems to imply that...
 - authentication login tokens are safe
 - session info (cookie, SID, etc) is safe
 - content is safe

 Yet some rulesets are happy green pretty when no such guarantee is
 provided by said rules. Not to mention exposing fallback can occur when
 a rule breaks, since there is currently no 'do not fallback' option.

 So default them off, or deploy another indicator for them.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6485>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
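
One way to flag the rulesets the ticket describes, as an added example that is not part of the ticket or the HTTPS Everywhere code base: a heuristic audit of ruleset XML for coverage gaps. The element and attribute names are those of the ruleset format; the function names, the "partial" label, the path heuristic and both sample rulesets are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample rulesets in the HTTPS Everywhere XML format (not real rules).
FULL = r"""<ruleset name="Full (constructed)">
  <target host="example.org"/>
  <securecookie host="^example\.org$" name=".+"/>
  <rule from="^http://example\.org/" to="https://example.org/"/>
</ruleset>"""

PARTIAL = r"""<ruleset name="Partial (constructed)">
  <target host="example.net"/>
  <exclusion pattern="^http://example\.net/forum/"/>
  <rule from="^http://example\.net/login" to="https://example.net/login"/>
</ruleset>"""


def coverage_gaps(xml_text):
    """Return reasons a ruleset falls short of whole-site HTTPS (heuristic)."""
    root = ET.fromstring(xml_text)
    gaps = []
    if root.findall("exclusion"):
        gaps.append("exclusion: some URLs stay on HTTP")
    if not root.findall("securecookie"):
        gaps.append("no securecookie: session cookies may travel in cleartext")
    for rule in root.findall("rule"):
        src, dst = rule.get("from", ""), rule.get("to", "")
        if not dst.startswith("https:"):
            gaps.append("rule target is not https: " + dst)
        # Text after the host's slash means only part of the site is rewritten.
        path = src.split("://", 1)[-1].partition("/")[2]
        if path not in ("", ".*", "(.*)"):
            gaps.append("rule covers only a path: " + src)
    return gaps


def proposed_default(xml_text):
    """Map a ruleset to 'on', 'partial' or 'off' for the default UI state."""
    if ET.fromstring(xml_text).get("default_off"):
        return "off"  # already disabled by its maintainer
    return "partial" if coverage_gaps(xml_text) else "on"


if __name__ == "__main__":
    for sample in (FULL, PARTIAL):
        print(proposed_default(sample), coverage_gaps(sample))
```

A clean result only means no gap was declared in the ruleset itself; it says nothing about mixed content or cleartext links served by the site.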