[HTTPS-E Rulesets] New ruleset for US Dept of Veterans Affairs and an expanded iPerceptions ruleset

mezzanine at Safe-mail.net mezzanine at Safe-mail.net
Fri Mar 2 19:30:35 PST 2012


A ruleset for the US Department of Veterans Affairs and an expanded ruleset for iPerceptions should be available at the git://github.com/galenide/https-everywhere.git repository.

Note: At the US Dept of Veterans Affairs site, the page at http://www1.va.gov/CBO/apps/rates/index.asp has a number of URLs under the "Reasonable Charges Data Tables" heading. Some of these URLs lead to pages that are similar to the one at the http://www1.va.gov/CBO/apps/rates/disclaimer/index.cfm?action=rc&ver=22 URL. On this page, there are a number of documents that the user can view/download. For some of the documents, such as the "Outpatient Dental Professional Nationwide Charges by HCPCS Code" document, it appears that the user must indicate acceptance of one or more "clickwrap" agreements (which are implemented as HTML pages) before being able to view or download the document. From what it appears, once a user has indicated acceptance of the clickwrap agreements, they can (at least for a short period of time) access the same document again without having to go through the agreements. In addition, they may be able to access other documents on the same page that are affected by clickwrap agreements without having to re-indicate acceptance of the agreements. When HTTPS is used, the time period for which the site "remembers" that a user accepted the clickwrap agreements may be shorter; note that I am not familiar with the underlying workings of these pages. (There are some cases of documents being missing altogether (such as the "Professional Services Value Unit (RVU) and Conversion Factor Geographic Area Adjustment Factors (GAAFs) by Zip Code" document on the http://www1.va.gov/CBO/apps/rates/disclaimer/index.cfm?action=rc&ver=22 page) which is a different issue and which does not seem to depend on whether HTTPS is used.) To be sure, the previously mentioned issue with the clickwrap agreement pages may not be all that significant. If worst comes to worst, adding an exclusion for ^http://(www1?\.)?va\.gov/(cbo|CBO)($|/) would be better than having to turn off the entire ruleset by default.

--Richard



More information about the HTTPS-Everywhere-Rules mailing list