[HTTPS-Everywhere] HTTPS by default for addresses with no scheme

Drake, Brian brian2 at drakefamily.tk
Fri Dec 24 17:46:24 PST 2010 

I’m in the habit of typing in full URLs, including the scheme. Therefore, if
I leave off the scheme, it’s a special case, just as if I added a new rule
and restarted the browser, only leaving off the scheme is much easier! In
this case, though, I agree with you, it’s probably not useful for most
users.

As for my second idea, I agree that it’s theoretically flawed but can you
name any examples where it would actually be a problem in practice?
Considering all the sites I’ve visited, I can’t think of any such examples.
As for sites like LiveJournal, I would expect them (mostly) to use different
URLs for the secure and non-secure portions of the site, so my suggestion
wouldn’t be a problem. (To clarify, the my proposed criteria for automatic
redirection is that the  HTTPS address in the browsing history exactly
matches the address in the request, except for the scheme, not just that the
domain matches.)

I say it’s flawed in much the same way as dropping support for obsolete
protocols is flawed (I’m thinking of when Mozilla dropped support for SSL
2.0).

On Fri, Dec 24, 2010 at 1253 (UTC-8), Osama Khalid <osamak at gnu.org> wrote:

> > I’m particularly interested in the first part of my idea: addresses
> > typed into the address bar. Then I can type in http:// to override
> > it.
> >
> > Another idea is to automatically redirect any time the corresponding
> > https address has successfully loaded before but the http address
> > has not.
>
> The thing is that the ugly side effects of HTTPS automation will exist
> in both use cases. I also still wonder if even a small percentage of
> HTTPSEverywhere users will want to use this.
>
> --Osama Khalid
> [snip]
>

--
Brian Drake

Alternate (slightly less secure) e-mail: brian at drakefamily.tk
Alternate (old) e-mail: brianriab at gmail.com

Facebook profile: Profile ID
100001206642672<https://ssl.facebook.com/profile.php?id=100001206642672>
Twitter username: BrianJDrake <https://twitter.com/BrianJDrake>
Wikimedia project username:
Brianjd<https://secure.wikimedia.org/wikipedia/meta/wiki/User:Brianjd>(been
inactive for a while)

All content created by me Copyright © 2010 Brian Drake. All rights reserved.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20101225/3299e33f/attachment.html>

More information about the HTTPS-everywhere mailing list