[HTTPS-E Rulesets] Suggested enhancements (affecting Adobe, Apple, Barnes & Noble, Flickr, Mozilla, UCSD, Wikipedia)

Colonel Graff graffatcolmingov at gmail.com
Sat May 5 12:18:05 PDT 2012


On Fri, Apr 20, 2012 at 2:32 PM, Christopher Liu <cmliu00151 at gmail.com> wrote:
> To whom it may concern:
>
> As a reminder, I am using Firefox and have not tested anything in
> Chrome. I have examined the 3.0development.1 release but have been too
> busy to keep up with all the Git commits.
>
> New rulesets containing trivial rewrites appear to be possible for the
> following:
>
> ajax.aspnetcdn.com (owned by Microsoft but can be used on other sites,
> so it should probably have its own ruleset)
> American Civil Liberties Union - www.aclu.org
Was already done.
> Better Business Bureau - www.bbb.org
This too.
> BurstNET - www.burst.net (known to be valid both with and without www;
> no need to redirect one to the other)
Did this for you.
> ChevronWP7 Labs - labs.chevronwp7.com
Did this for you.
> dvcs.w3.org
Held off on this because I'm fairly certain the W3C asked us not to
use the ruleset for their sites by default.
> Michigan State University - www.msu.edu (I have never attended this
> university, so I haven't tested further. Ruleset should have "partial"
> in its name)
I started a ruleset for this but it's default_off. I'm going to slowly
chip away at the obvious exclusions that will be needed. Hopefully
some MSU students can help us out by submitting other links that
aren't https as they come across them.
> Qrobe.it - qrobe.it q1.qrobe.it q2.qrobe.it q3.qrobe.it news.qrobe.it
> tam.qrobe.it (consider using \d to future-proof against other qNUMBER
> subdomains. Do not browse directly to the qNUMBER subdomains; they are
> only used for certain subrequests)
Done
> Some parts of Stanford University - ccrma.stanford.edu
> fah-web.stanford.edu (I have never attended Stanford, so I haven't
> tested further)
The former was already covered, the latter doesn't support HTTPS as
far as I can tell.
> Typekit - typekit.com use.typekit.com use.typekit.net
>
Already covered in the Adobe rule.
> Regarding existing rulesets:
>
> Adobe:
> Add www.macromedia.com - the Flash Player Settings Manager lives there
> Maybe also community.adobe.com - this fixes some mixed content, e.g.
> on https://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html
>
> Apple:
> km.support.apple.com -> https://km.support.apple.com.edgekey.net fixes
> most (all?) of the mixed content on support pages
>
Someone already got these.
> Barnes and Noble:
> There is a redirector at www.bn.com; I think it exists both
> with/without www and doesn't support https natively. Known URLs
> include www.bn.com (root level) -> www.barnesandnoble.com and
> www.bn.com/orderstatus/ (trailing slash optional) ->
> https://cart4.barnesandnoble.com/account/request.aspx?stage=orderStatus
> I can see some other potential improvements, though I'd better wait
> until I have a chance to test buying a book.
>
Added bn.com to the ruleset for you. I'm not a customer so I couldn't
test the cart example.
> Flickr:
> It seems I need to clarify what the status is.
> farm#.static.flickr.com and farm#.staticflickr.com both exist with
> valid https. Numbers 1 through 8 currently exist in both sets of
> domains. It is probably best to use \d in case farm9 is added later.
>
> Mozilla:
> Add support.mozilla.org (to which support.mozilla.com now redirects)
> and tbpl.mozilla.org
>
Someone else already got these as well.
> UCSD:
> The changes in this attachment compared to my previous submission include:
> Added webmail.ucsd.edu as a redirect to acs-webmail.ucsd.edu
> Added jacobsstudent.ucsd.edu in the first section (domains which
> already enforce https)
> Added a.ucsd.edu in the second section (domains on which https is
> working but optional)
> Changed www-act to act in the destination page for tritonlink
> (although the old URL currently works as a redirect)
> Changed the troublereport page destination to
> https://a.ucsd.edu/troublereport/ (although the old URL currently
> works as a redirect)
> Changed the file extension shtml to html in the redirect destinations
> on acms.ucsd.edu (although the old URLs currently work as redirects)
> (...if I recall correctly. I may have missed something in this list)
>
I take it you wish the text file you attached to be substituted in for
the old ruleset?

> Wikipedia:
> According to http://wikitech.wikimedia.org/view/Httpsless_domains ,
> the wikimedia.org subdomains fenari, noc, observium, svn, and stafford
> no longer need exclusions. (I have only checked noc; some of the
> others seem not to be intended for public use.)
>
I know you're only the messenger but stafford.wikimedia.org only has
valid certs for *.opendns.com. That said, the rest seem to have
worked. Fenari requires authentication, but that loaded via https so I
included it.
> Thank you for your time and help.
>
> C. Liu
Thanks for the emails.
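
The `\d` suggestion for the Flickr farm hosts and the stafford.wikimedia.org exclusion discussed in this thread, as an added example that is not part of the original e-mail or of the HTTPS Everywhere code base. The rule objects, the `rewrite` helper and the sample URLs are constructed for illustration and only model from/to rewrite rules with per-ruleset exclusions in simplified form.

```javascript
// Simplified model of from/to rewrite rules; constructed, not the shipped rulesets.
const RULESETS = [
  {
    name: "Flickr farms (constructed)",
    exclusions: [],
    rules: [{
      // \d covers farm1..farm8 and a later farm9; ^ and the trailing / pin the host.
      from: /^http:\/\/farm(\d)\.(static\.flickr|staticflickr)\.com\//,
      to: "https://farm$1.$2.com/",
    }],
  },
  {
    name: "Wikimedia subdomains (constructed)",
    // stafford only presents a certificate valid for *.opendns.com, so it stays excluded.
    exclusions: [/^http:\/\/stafford\.wikimedia\.org\//],
    rules: [{
      from: /^http:\/\/(fenari|noc|observium|svn|stafford)\.wikimedia\.org\//,
      to: "https://$1.wikimedia.org/",
    }],
  },
];

// Return the rewritten URL, or the input unchanged when no rule applies.
function rewrite(url, rulesets = RULESETS) {
  for (const rs of rulesets) {
    if (rs.exclusions.some((ex) => ex.test(url))) continue;
    for (const rule of rs.rules) {
      if (rule.from.test(url)) return url.replace(rule.from, rule.to);
    }
  }
  return url;
}

// Constructed sample URLs.
const samples = [
  "http://farm3.staticflickr.com/1/a.jpg",
  "http://farm9.static.flickr.com/1/a.jpg",       // not live today, still covered by \d
  "http://farm10.staticflickr.com/1/a.jpg",       // \d is a single digit: left alone
  "http://farm3.staticflickr.com.example.net/x",  // look-alike host: left alone
  "http://noc.wikimedia.org/conf/",
  "http://stafford.wikimedia.org/",               // excluded: left on http
];
for (const u of samples) console.log(u, "->", rewrite(u));
```

A single `\d` stops at farm9; a two-digit host would need `\d+` in the pattern.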



