[HTTPS-Everywhere] Suggestion: All sites HTTPS check

Seth David Schoen schoen at eff.org
Mon Oct 25 12:26:24 PDT 2010


Eitan Adler writes:

> On Mon, Oct 25, 2010 at 9:37 AM, John Doe <johndoe32102002 at gmail.com> wrote:
> > I have a suggestion:
> > It would be nice if your plugin checked (or prefetch checked) if there
> > were an SSL site available on all websites the user were to go to and
> 
> How could you guarantee that the content of the https site is
> equivalent to the http site?
> 
> eg: https://noscript.net/ vs http://noscript.net/

Another example is

https://www.livejournal.com/ vs http://www.livejournal.com/

> Although the idea sounds decent if it could be implemented well :-)

It would have to require active cooperation by the site operator,
like an HSTS policy.  Alternatively we could see if the initial
page at the HTTPS version of the site is byte-for-byte identical
to the initial page at the HTTP version, but this will probably
only happen for around 1% of web sites.

-- 
Seth Schoen
Senior Staff Technologist                         schoen at eff.org
Electronic Frontier Foundation                    https://www.eff.org/
454 Shotwell Street, San Francisco, CA  94110     +1 415 436 9333 x107
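
The two signals named in the message above (an HSTS policy sent by the operator, or a byte-for-byte identical first page) as a runnable check. This is an added example, not part of the original message and not HTTPS Everywhere code. The names `parseHsts` and `upgradeDecision` are hypothetical and every response is a constructed sample.

```javascript
// Added example; every response below is a constructed sample.

// Parse a Strict-Transport-Security value (RFC 6797 section 6.1).
// Returns { maxAge, includeSubDomains }, or null when the header is unusable.
function parseHsts(value) {
  if (typeof value !== 'string') return null;
  const seen = new Set();
  let maxAge = null;
  let includeSubDomains = false;
  for (const raw of value.split(';')) {
    const part = raw.trim();
    if (part === '') continue;                    // empty directives are allowed
    const eq = part.indexOf('=');
    const name = (eq < 0 ? part : part.slice(0, eq)).trim().toLowerCase();
    const val = eq < 0 ? null : part.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
    if (seen.has(name)) return null;              // each directive at most once
    seen.add(name);
    if (name === 'max-age') {
      if (val === null || !/^\d+$/.test(val)) return null;
      maxAge = Number(val);
    } else if (name === 'includesubdomains') {
      if (val !== null) return null;              // valueless directive
      includeSubDomains = true;
    }                                             // unknown directives are ignored
  }
  return maxAge === null ? null : { maxAge, includeSubDomains };
}

// Responses are { headers: {lower-cased name: value}, body: Buffer }.
// The HSTS header is read only from the HTTPS response, as RFC 6797 requires.
function upgradeDecision(httpResp, httpsResp) {
  const policy = parseHsts(httpsResp.headers['strict-transport-security']);
  if (policy && policy.maxAge > 0) return { upgrade: true, reason: 'hsts' };
  if (httpResp.body.equals(httpsResp.body)) return { upgrade: true, reason: 'identical' };
  return { upgrade: false, reason: 'unknown-equivalence' };
}

const page = (headers, html) => ({ headers, body: Buffer.from(html, 'utf8') });
const samples = {
  optedIn: [page({}, '<h1>shop</h1>'),
            page({ 'strict-transport-security': 'max-age=31536000; includeSubDomains' }, '<h1>secure shop</h1>')],
  identical: [page({}, '<h1>static</h1>'), page({}, '<h1>static</h1>')],
  // A per-request token makes otherwise equivalent pages differ byte-for-byte.
  token: [page({}, '<input value="t=1a2b">'), page({}, '<input value="t=9f8e">')],
};
for (const [name, [plain, tls]] of Object.entries(samples)) {
  console.log(name, upgradeDecision(plain, tls));
}
```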


