[HTTPS-E Rulesets] Suggested enhancements (affecting Adobe, Apple, Barnes & Noble, Flickr, Mozilla, UCSD, Wikipedia)

Tue May 8 00:48:45 PDT 2012

Colonel Graff,

I have started to look over the current rules as listed at
https://gitweb.torproject.org/https-everywhere.git/tree/HEAD:/src/chrome/content/rules
, and I am not sure I correctly understand a couple of your previous
comments.

With regard to ccrma.stanford.edu and the Adobe/Typekit stuff, you
said these are "already covered." However, I don't see
ccrma.stanford.edu in
https://gitweb.torproject.org/https-everywhere.git/blob/HEAD:/src/chrome/content/rules/Stanford-University.xml
(possibly it already enforces https, so someone decided not to include
it?).
As for Adobe, I see from
https://gitweb.torproject.org/https-everywhere.git/blob/HEAD:/src/chrome/content/rules/Adobe.xml
that use.typekit.com is already covered, but not www.macromedia.com /
typekit.com / use.typekit.net .
If you need an example page where use.typekit.net is found, see
https://typekit.com/fonts and
http://azcivicleadership.org/civic-leadership-academy/

Again, thank you for your time and help.

C. Liu

On Sun, May 6, 2012 at 2:20 PM, Colonel Graff
<graffatcolmingov at gmail.com> wrote:
> On Sun, May 6, 2012 at 4:35 PM, Christopher Liu <cmliu00151 at gmail.com> wrote:
>> Colonel Graff,
>>
>> In response to your questions and concerns:
>>
>>>> dvcs.w3.org
>>> Held off on this because I'm fairly certain the W3C asked us not to
>>> use the ruleset for their sites by default.
>> So why is a ruleset with default_off not acceptable? Did W3C
>> specifically state so? For reference, my request was specific to
>> dvcs.w3.org and not for any other W3C domains.
>>
> True. I'll tuck it into the W3C rule the next chance I get.
>
>>>> Some parts of Stanford University - ccrma.stanford.edu
>>>> fah-web.stanford.edu (I have never attended Stanford, so I haven't
>>>> tested further)
>>> The former was already covered, the latter doesn't support HTTPS as
>>> far as I can tell.
>> See for example https://fah-web.stanford.edu/projects/FAHClient (which
>> appears to be part of a Trac installation). However, I am now aware
>> http://fah-web.stanford.edu/cgi-bin/getpasskey.py redirects back to
>> http; sorry for not testing that first.
>>
> No problem. I had only tried simply fah-web.stanford.edu. We can contact them
> and ask them if they would kindly fix it.
> t
>>>> Mozilla:
>>>> Add support.mozilla.org (to which support.mozilla.com now redirects)
>>>> and tbpl.mozilla.org
>>>>
>>> Someone else already got these as well.
>> Assuming https://gitweb.torproject.org/https-everywhere.git/blob/68ce3ecd4b919bf7cab0117123596800b8bbbb6d:/src/chrome/content/rules/Mozilla.xml
>> shows the current status of the ruleset, someone seems to have
>> mistakenly typed a 1 (one) instead of an L - that is, t b p 1. "tbpl"
>> is an abbreviation for Tinderbox Pushlog.
>>
> Good catch. Should have caught that myself. It's fixed now.
>
>>>> UCSD:
>>>> The changes in this attachment compared to my previous submission include: (redacted for brevity)
>>>>
>>> I take it you wish the text file you attached to be substituted in for
>>> the old ruleset?
>> Yes, that is correct.
>>
> I'll test it and commit it sometime later this week. I have 2 finals tomorrow.
>
>>>> Wikipedia:
>>>> According to http://wikitech.wikimedia.org/view/Httpsless_domains ,
>>>> the wikimedia.org subdomains fenari, noc, observium, svn, and stafford
>>>> no longer need exclusions. (I have only checked noc; some of the
>>>> others seem not to be intended for public use.)
>>>>
>>> I know you're only the messenger but stafford.wikimedia.org only has
>>> valid certs for *.opendns.com. That said, the rest seem to have
>>> worked. Fenari requires authentication, but that loaded via https so I
>>> included it.
>> Are you using the OpenDNS DNS servers? This probably means
>> stafford.wikimedia.org doesn't exist anymore. I don't think the
>> Wikimedia Foundation actually has a contract with OpenDNS in any way;
>> do you know otherwise?
>>
> Yeah, my uni probably uses the OpenDNS DNS servers. And using a few
> websites to test the url, I would say your conclusion is correct. It
> doesn't seem
> to exist anymore.
>>> Thanks for the emails.
>> You're welcome. Again, I am a busy student, so sorry for not watching
>> the Git more closely / not registering a Git account / other
>> imperfections in my "developer etiquette."
>>
>> C. Liu
> I'm a student as well. No need to worry. As for developer etiquette, I doubt
> I have any either. I'm just trying to help out.
>
> --
> graff