[HTTPS-E Rulesets] reddit.com wants EFF to disable HTTPS???

Neil Williams neil at reddit.com
Sat Aug 6 23:32:37 PDT 2011


> Neil, can you please post to the Rules Mailing List next time

My apologies.

>
> pay.reddit.com works fine for me....
>
> www.reddit.com == pay.reddit.com same content in HTTPS.
>
> Can you also point out where exactly (which URL) there is a bug when
> the current ruleset is used?
>

There have been a flood of reports of SSL certificate issues when
using pay.reddit.com in the last few days. In most of the cases I've
seen, it's because they're using HTTPS Everywhere and it's using
pay.reddit.com. You can see the reports here:

http://www.reddit.com/search?q=pay.reddit.com

My understanding is that it's related to our CDN, Akamai, and so it
may vary based on which edge server you get and whether or not you're
logged in.

> The reasons for using HTTPS are many including to prevent snooping on
> the TOR Network.

I completely agree that HTTPS is the way to go and we will make it
available to all as soon as our infrastructure is configured to do it
without causing issues for our users. At the moment, it only works on
a subset of pages that are disallowed from using edge-caching (the pay
pages which are used for credit card processing).

> Removing/Disabling the whole site (when it is working) goes against
> all the principles that EFF stands for. Unless it doesn't work it
> should not be removed.

I'm asking for the rules to be disabled because it's causing issues
for our users as is amply supported by the many complaints on our
site, not because we disagree with the use of HTTPS.



More information about the HTTPS-Everywhere-Rules mailing list