[HTTPS-E Rulesets] Problems browsing scratch.mit.edu with https everywhere enabled
Peter Eckersley
pde at eff.org
Thu Nov 15 16:10:34 PST 2012
I realised that I could just make a scratch account to test this myself. And
it turns out that we have an underlying bug in our code in addition to the
overly enthusiastic MIT ruleset:
https://trac.torproject.org/projects/tor/ticket/7491
On Wed, Nov 14, 2012 at 02:27:09PM -0500, Amos Blanton wrote:
> On Wed, Nov 14, 2012 at 2:17 PM, Peter Eckersley <pde at eff.org> wrote:
>
> >
> > However it still isn't clear that this would fix the bug we have with
> > scratch.mit.edu, because we haven't ruled out the possibility that it's
> > caused
> > by a .mit.edu cookie that is legitimately secured on other MIT subdomains.
> >
> >
> Hi Peter,
>
> That's not the case for us. Scratch (scratch.mit.edu) is functionally
> independent of other MIT subdomains. It's an open source programming
> language we developed to help kids around the world learn to program.
> Scratch only recognizes its own authentication / cookies.
>
> Incidentally, we also have a variety of cnames, like suggest.scratch.mit.edu,
> and wiki.scratch.mit.edu, in case that matters.
>
> Thanks,
> Amos
--
Peter Eckersley pde at eff.org
Technology Projects Director Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
More information about the HTTPS-Everywhere-Rules
mailing list