[HTTPS-E Rulesets] [HTTPS-Everywhere] reddit.com wants EFF to disable HTTPS???

Tue Aug 9 15:48:58 PDT 2011

How are you going to filter HTTPS-Everywhere requests?

On 8 August 2011 18:55, Neil Williams <neil at reddit.com> wrote:
> I'm not really sure what you want me to say here, Victor. We continue
> to get complaints from users of your extension (another example since
> the last email: http://redd.it/jb6ek). Our mainline HTTPS support is
> not going to change in the near future (it's a medium-term goal). So
> since you're adamant about not removing the rule, we're going to have
> to continue telling our users that HTTPS Everywhere is at fault for
> sending them to a system not designed for their traffic, and probably
> will end up blocking the requests altogether, though I'm loathe to do
> either of those things.
>
> On Sun, Aug 7, 2011 at 12:06 AM, Victor Garin <vic.garin at gmail.com> wrote:
>> As of this time, its working for me.
>>
>> I can access Reddit via https://pay.reddit.com/ with out any Cert errors.
>>
>> I even signed up for an account right now there, and was able to use
>> Reddit perfectly fine using https://pay.reddit.com/ server.
>>
>> I also used Tor, Exit Nodes located in different countries, and was
>> still NOT able to reproduce the error.
>>
>> Have you been in touch with Akamai regarding this issue? What did they say?
>>
>> They are considered 'premium' for a reason I hope.
>>
>> On Sat, Aug 6, 2011 at 11:38 PM, Neil Williams <neil at reddit.com> wrote:
>>> Two additional reports, this time specifically of cert errors:
>>>
>>> http://redd.it/jak59
>>> http://redd.it/jb27e
>>>
>>> On Sat, Aug 6, 2011 at 11:32 PM, Neil Williams <neil at reddit.com> wrote:
>>>>> Neil, can you please post to the Rules Mailing List next time
>>>>
>>>> My apologies.
>>>>
>>>>>
>>>>> pay.reddit.com works fine for me....
>>>>>
>>>>> www.reddit.com == pay.reddit.com same content in HTTPS.
>>>>>
>>>>> Can you also point out where exactly (which URL) there is a bug when
>>>>> the current ruleset is used?
>>>>>
>>>>
>>>> There have been a flood of reports of SSL certificate issues when
>>>> using pay.reddit.com in the last few days. In most of the cases I've
>>>> seen, it's because they're using HTTPS Everywhere and it's using
>>>> pay.reddit.com. You can see the reports here:
>>>>
>>>> http://www.reddit.com/search?q=pay.reddit.com
>>>>
>>>> My understanding is that it's related to our CDN, Akamai, and so it
>>>> may vary based on which edge server you get and whether or not you're
>>>> logged in.
>>>>
>>>>> The reasons for using HTTPS are many including to prevent snooping on
>>>>> the TOR Network.
>>>>
>>>> I completely agree that HTTPS is the way to go and we will make it
>>>> available to all as soon as our infrastructure is configured to do it
>>>> without causing issues for our users. At the moment, it only works on
>>>> a subset of pages that are disallowed from using edge-caching (the pay
>>>> pages which are used for credit card processing).
>>>>
>>>>> Removing/Disabling the whole site (when it is working) goes against
>>>>> all the principles that EFF stands for. Unless it doesn't work it
>>>>> should not be removed.
>>>>
>>>> I'm asking for the rules to be disabled because it's causing issues
>>>> for our users as is amply supported by the many complaints on our
>>>> site, not because we disagree with the use of HTTPS.
>>>>
>>>
>>
> _______________________________________________
> HTTPS-everywhere mailing list
> HTTPS-everywhere at mail1.eff.org
> https://mail1.eff.org/mailman/listinfo/https-everywhere
>