[HTTPS-Everywhere] HTTPS Everywhere 0.3.0.development.1
Robert Ransom
rransom.8774 at gmail.com
Sat Nov 13 14:05:45 PST 2010
On Sat, 13 Nov 2010 13:51:25 -0800
Peter Eckersley <pde at eff.org> wrote:
> It's worth noting that in a use case like this, HTTPS Everywhere is equivalent
> to HSTS:
>
> https://secure.wikimedia.org/wikipedia/en/wiki/Strict_Transport_Security
No. sslstrip can easily be extended to remove
Strict-Transport-Security headers from responses that it forwards to the
client (if it does not do so already).
Robert Ransom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20101113/88671f84/attachment.sig>
More information about the HTTPS-everywhere
mailing list