[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #15763 [HTTPS Everywhere/EFF-HTTPS Everywhere]: Need whitelist entry for www.fark.com and total.fark.com
#15763: Need whitelist entry for www.fark.com and total.fark.com
-------------------------------------+-------------------------------------
Reporter: bit0mike | Owner: (none)
Type: defect | Status: reopened
Priority: Medium | Milestone: HTTPS-E next Chrome
Component: HTTPS Everywhere/EFF- | release
HTTPS Everywhere | Version:
Severity: Blocker | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------+-------------------------------------
Comment (by cypherpunks):
Hi, thanks a bunch for following up with this!
Your almost complete switch to HTTPS does not eliminate for a rule in
HTTPS Everywhere. HTTPS Everywhere still adds an additional protection
against attacks such as SSLstrip. Also, as opposed to HSTS, it does not
rely on a trust of first use scheme.
The only equivalent protection would be to HSTS preload the entire domain
but that's not an option here since you said that some subdomains
don't/won't support HTTPS.
The best move here would be for you to edit the ruleset yourself. Simply
add a target for each subdomain that supports HTTPS. More information is
available in our contributing guide: https://github.com/EFForg/https-
everywhere/blob/master/CONTRIBUTING.md.
Otherwise, I can edit this ruleset for you but it would simplify things a
lot if you could provide me with a complete list of subdomains that
support HTTPS.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15763#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs