[HTTPS-E Rulesets] Comments on multiple rulesets (9-Dec)

Christopher Liu cmliu00151 at gmail.com
Fri Dec 9 17:34:33 PST 2011


To whom it may concern:

As usual, I will remind you that because I've been busy with
schoolwork, I haven't been keeping up with development builds and
haven't gotten Git set up yet. With that said:

The following rulesets are causing breakage:
Blip (is now breaking embedded videos - pages with affected videos
include http://www.blisteredthumbs.net/2011/06/wvg-momoko/ and
http://www.heisanevilgenius.com/wvg/index.php )
Lenovo (Some links on the homepage https://www.lenovo.com/us/en/ use
protocol-relative URIs, even though the domains in question don't seem
to accept https connections, e.g. news.lenovo.com - Not sure if this
is actionable)
WHO.int (cert error)

The following are requests for expansion to existing rulesets:
Vimeo now supports https for embedded videos. This can be done by
rewriting http :// player. vimeo. com/video/ to https on the same
domain/path. (The Vimeo website itself makes other, unrelated requests
to player. vimeo. com, which may not be safe to rewrite, which is why
the "video" folder is included.)
www.youtube-nocookie.com now appears to support https.
Flickr now uses a set of domains farm#.staticflickr. com to hold image
data (note the absence of a period between "static" and "flickr"). The
digits 1 through 8 appear to exist, but this might not be
comprehensive, i.e. it is best to handle 9 as well for futureproofing.
Both the old static.flickr and the new staticflickr are currently
functional in https.

Other clarifications to things I submitted before:
Khronos - please remove the slash immediately after "login" from both
the from and to fields. The homepage seems to have been redesigned at
some point, and the relevant links no longer have the slash.
I previously said that the McAfee ruleset was substantially broken,
but images. scanalert. com still works in https.

Again, thank you very much for your time and help.

C. Liu



More information about the HTTPS-Everywhere-Rules mailing list