[HTTPS-E Rulesets] Exception to HTTPs Everywhere
Peter Eckersley
pde at eff.org
Mon May 16 18:43:44 PDT 2011
Hi Ted,
I don't think that any existing problems at w3.org should be caused by HTTPS
Everywhere, because we don't currently ship a ruleset for the W3C! It's
possible that it's HTTPS Finder, KB SSL Enforcer, or some other browser
extension that probes HTTPS for every domain.
Of course, if you would /like/ to write a rulesets for the subdomains of
w3.org that support HTTPS we'd be happy to ship it ;). The syntax is
documented here:
https://www.eff.org/https-everywhere
Discussion about and submission of rulesets happens on this mailing list:
https://mail1.eff.org/mailman/listinfo/https-everywhere-rules
On Sun, May 15, 2011 at 03:54:27PM +0200, Ted Guild wrote:
> Peter,
>
> We are getting ready to deploy selective SSL switching at W3C. Whenever
> credentials are required or content is intended to be confidential our
> access control system will automatically redirect the user to the
> corresponding HTTPS uri. Any content that is open to the public and
> doesn't send session data will be served via HTTP, redirecting to HTTP
> if the user accesses a HTTPS link (eg following a relative link).
>
> While many sites send information they shouldn't in the clear, we are
> going to apply SSL correctly. We get an excessive amount of traffic (up
> to 1/2 billion per day for DTD and schemata alone) and would rather not
> have to serve content more costly through SSL than we have to. As such
> please add w3.org to an exception list so that HTTPs Everywhere does not
> compete with our server side redirection.
>
> We are already finding issues with our SSL switching scheme and
> unintended traffic from HTTPs Everywhere before we put this SSL
> switching into full production.
>
> Regards,
>
> --
> Ted Guild <ted at w3.org>
> W3C Systems Team
> http://www.w3.org
>
>
--
Peter Eckersley pde at eff.org
Senior Staff Technologist Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
More information about the HTTPS-Everywhere-Rules
mailing list