[HTTPS-E Rulesets] [HTTPS-Everywhere] reddit.com wants EFF to disable HTTPS???
Alex Xu
alex_y_xu at yahoo.ca
Sun Aug 7 08:23:16 PDT 2011
You either have certificate checking disabled, are using a failure of a
browser (read: IE/mobile browser), or both of the above.
On 2011-08-07 3:06 AM, Victor Garin wrote:
> As of this time, its working for me.
>
> I can access Reddit via https://pay.reddit.com/ with out any Cert errors.
>
> I even signed up for an account right now there, and was able to use
> Reddit perfectly fine using https://pay.reddit.com/ server.
>
> I also used Tor, Exit Nodes located in different countries, and was
> still NOT able to reproduce the error.
>
> Have you been in touch with Akamai regarding this issue? What did they say?
>
> They are considered 'premium' for a reason I hope.
>
> On Sat, Aug 6, 2011 at 11:38 PM, Neil Williams<neil at reddit.com> wrote:
>> Two additional reports, this time specifically of cert errors:
>>
>> http://redd.it/jak59
>> http://redd.it/jb27e
>>
>> On Sat, Aug 6, 2011 at 11:32 PM, Neil Williams<neil at reddit.com> wrote:
>>>> Neil, can you please post to the Rules Mailing List next time
>>>
>>> My apologies.
>>>
>>>>
>>>> pay.reddit.com works fine for me....
>>>>
>>>> www.reddit.com == pay.reddit.com same content in HTTPS.
>>>>
>>>> Can you also point out where exactly (which URL) there is a bug when
>>>> the current ruleset is used?
>>>>
>>>
>>> There have been a flood of reports of SSL certificate issues when
>>> using pay.reddit.com in the last few days. In most of the cases I've
>>> seen, it's because they're using HTTPS Everywhere and it's using
>>> pay.reddit.com. You can see the reports here:
>>>
>>> http://www.reddit.com/search?q=pay.reddit.com
>>>
>>> My understanding is that it's related to our CDN, Akamai, and so it
>>> may vary based on which edge server you get and whether or not you're
>>> logged in.
>>>
>>>> The reasons for using HTTPS are many including to prevent snooping on
>>>> the TOR Network.
>>>
>>> I completely agree that HTTPS is the way to go and we will make it
>>> available to all as soon as our infrastructure is configured to do it
>>> without causing issues for our users. At the moment, it only works on
>>> a subset of pages that are disallowed from using edge-caching (the pay
>>> pages which are used for credit card processing).
>>>
>>>> Removing/Disabling the whole site (when it is working) goes against
>>>> all the principles that EFF stands for. Unless it doesn't work it
>>>> should not be removed.
>>>
>>> I'm asking for the rules to be disabled because it's causing issues
>>> for our users as is amply supported by the many complaints on our
>>> site, not because we disagree with the use of HTTPS.
>>>
>>
> _______________________________________________
> HTTPS-everywhere mailing list
> HTTPS-everywhere at mail1.eff.org
> https://mail1.eff.org/mailman/listinfo/https-everywhere
More information about the HTTPS-Everywhere-Rules
mailing list