[HTTPS-E Rulesets] Suggested enhancements (affecting Adobe, Apple, Barnes & Noble, Flickr, Mozilla, UCSD, Wikipedia)

Sun May 6 14:20:33 PDT 2012

On Sun, May 6, 2012 at 4:35 PM, Christopher Liu <cmliu00151 at gmail.com> wrote:
> Colonel Graff,
>
> In response to your questions and concerns:
>
>>> dvcs.w3.org
>> Held off on this because I'm fairly certain the W3C asked us not to
>> use the ruleset for their sites by default.
> So why is a ruleset with default_off not acceptable? Did W3C
> specifically state so? For reference, my request was specific to
> dvcs.w3.org and not for any other W3C domains.
>
True. I'll tuck it into the W3C rule the next chance I get.

>>> Some parts of Stanford University - ccrma.stanford.edu
>>> fah-web.stanford.edu (I have never attended Stanford, so I haven't
>>> tested further)
>> The former was already covered, the latter doesn't support HTTPS as
>> far as I can tell.
> See for example https://fah-web.stanford.edu/projects/FAHClient (which
> appears to be part of a Trac installation). However, I am now aware
> http://fah-web.stanford.edu/cgi-bin/getpasskey.py redirects back to
> http; sorry for not testing that first.
>
No problem. I had only tried simply fah-web.stanford.edu. We can contact them
and ask them if they would kindly fix it.
t
>>> Mozilla:
>>> Add support.mozilla.org (to which support.mozilla.com now redirects)
>>> and tbpl.mozilla.org
>>>
>> Someone else already got these as well.
> Assuming https://gitweb.torproject.org/https-everywhere.git/blob/68ce3ecd4b919bf7cab0117123596800b8bbbb6d:/src/chrome/content/rules/Mozilla.xml
> shows the current status of the ruleset, someone seems to have
> mistakenly typed a 1 (one) instead of an L - that is, t b p 1. "tbpl"
> is an abbreviation for Tinderbox Pushlog.
>
Good catch. Should have caught that myself. It's fixed now.

>>> UCSD:
>>> The changes in this attachment compared to my previous submission include: (redacted for brevity)
>>>
>> I take it you wish the text file you attached to be substituted in for
>> the old ruleset?
> Yes, that is correct.
>
I'll test it and commit it sometime later this week. I have 2 finals tomorrow.

>>> Wikipedia:
>>> According to http://wikitech.wikimedia.org/view/Httpsless_domains ,
>>> the wikimedia.org subdomains fenari, noc, observium, svn, and stafford
>>> no longer need exclusions. (I have only checked noc; some of the
>>> others seem not to be intended for public use.)
>>>
>> I know you're only the messenger but stafford.wikimedia.org only has
>> valid certs for *.opendns.com. That said, the rest seem to have
>> worked. Fenari requires authentication, but that loaded via https so I
>> included it.
> Are you using the OpenDNS DNS servers? This probably means
> stafford.wikimedia.org doesn't exist anymore. I don't think the
> Wikimedia Foundation actually has a contract with OpenDNS in any way;
> do you know otherwise?
>
Yeah, my uni probably uses the OpenDNS DNS servers. And using a few
websites to test the url, I would say your conclusion is correct. It
doesn't seem
to exist anymore.
>> Thanks for the emails.
> You're welcome. Again, I am a busy student, so sorry for not watching
> the Git more closely / not registering a Git account / other
> imperfections in my "developer etiquette."
>
> C. Liu
I'm a student as well. No need to worry. As for developer etiquette, I doubt
I have any either. I'm just trying to help out.

--
graff