[HTTPS-E Rulesets] Fwd: Exception to HTTPs Everywhere

[Peter Eckersley]

I'd like to get back to the W3C about this, but I'm initially confused because
we don't seem to be shipping any relevant rulesets in either the stable or
development branches. 

pde at tapdance:~/https-everywhere/src/chrome/content/rules$ grep -i w3\.org *
pde at tapdance:~/https-everywhere/src/chrome/content/rules$ grep -i w3c *

Anyone know what's up?

----- Forwarded message from Ted Guild <ted at w3.org> -----

Date: Sun, 15 May 2011 15:54:27 +0200
From: Ted Guild <ted at w3.org>
To: Peter Eckersley <pde at eff.org>
Cc: Jose Kahan <jose.kahan at w3.org>, w3t-archive <w3t-archive at w3.org>,
	information at eff.org
Subject: Exception to HTTPs Everywhere
X-Mailer: Evolution 2.32.2

Peter,

We are getting ready to deploy selective SSL switching at W3C. Whenever
credentials are required or content is intended to be confidential our
access control system will automatically redirect the user to the
corresponding HTTPS uri.  Any content that is open to the public and
doesn't send session data will be served via HTTP, redirecting to HTTP
if the user accesses a HTTPS link (eg following a relative link).

While many sites send information they shouldn't in the clear, we are
going to apply SSL correctly.  We get an excessive amount of traffic (up
to 1/2 billion per day for DTD and schemata alone) and would rather not
have to serve content more costly through SSL than we have to.  As such
please add w3.org to an exception list so that HTTPs Everywhere does not
compete with our server side redirection.

We are already finding issues with our SSL switching scheme and
unintended traffic from HTTPs Everywhere before we put this SSL
switching into full production.

Regards,

-- 
Ted Guild <ted at w3.org>
W3C Systems Team
http://www.w3.org



----- End forwarded message -----

-- 
Peter Eckersley                            pde at eff.org
Senior Staff Technologist         Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993