[HTTPS-E Rulesets] I goofed (regarding ShareThis)
Christopher Liu
cmliu00151 at gmail.com
Wed Mar 13 08:54:16 PDT 2013
To whom it may concern:
In a previous email, I proposed rewriting s.sharethis.com to sd.sharethis.com.
It turns out that this doesn't work, because sd.sharethis.com uses a
load-balancing arrangement in which some servers have expired certs.
(This isn't a case in which the cert expired after I wrote the email -
I saw a cert that expired in Sep. 2011)
Thus, the domains s.sharethis.com and sd.sharethis.com need to be
excluded from the main ShareThis ruleset. Any coverage of said domains
would need to be in a "problematic" ruleset.
(To review: s.sharethis.com can't be rewritten verbatim because it's
hosted by Akamai. It is used for a script s.sharethis.com/loader.js
which displays a box of share options near the left edge of the
window. This is used on support.sharethis.com, blog.sharethis.com, and
probably some 3rd-party websites. The script loads some resources from
sd.sharethis.com, which also contains a copy of the script itself.)
Everything else I said still holds true.
Sorry for any inconvenience again...
C. Liu
More information about the HTTPS-Everywhere-Rules
mailing list