[HTTPS-Everywhere] reddit.com wants EFF to disable HTTPS???
Neil Williams
neil at reddit.com
Sat Aug 6 23:38:54 PDT 2011
Two additional reports, this time specifically of cert errors:
http://redd.it/jak59
http://redd.it/jb27e
On Sat, Aug 6, 2011 at 11:32 PM, Neil Williams <neil at reddit.com> wrote:
>> Neil, can you please post to the Rules Mailing List next time
>
> My apologies.
>
>>
>> pay.reddit.com works fine for me....
>>
>> www.reddit.com == pay.reddit.com same content in HTTPS.
>>
>> Can you also point out where exactly (which URL) there is a bug when
>> the current ruleset is used?
>>
>
> There have been a flood of reports of SSL certificate issues when
> using pay.reddit.com in the last few days. In most of the cases I've
> seen, it's because they're using HTTPS Everywhere and it's using
> pay.reddit.com. You can see the reports here:
>
> http://www.reddit.com/search?q=pay.reddit.com
>
> My understanding is that it's related to our CDN, Akamai, and so it
> may vary based on which edge server you get and whether or not you're
> logged in.
>
>> The reasons for using HTTPS are many including to prevent snooping on
>> the TOR Network.
>
> I completely agree that HTTPS is the way to go and we will make it
> available to all as soon as our infrastructure is configured to do it
> without causing issues for our users. At the moment, it only works on
> a subset of pages that are disallowed from using edge-caching (the pay
> pages which are used for credit card processing).
>
>> Removing/Disabling the whole site (when it is working) goes against
>> all the principles that EFF stands for. Unless it doesn't work it
>> should not be removed.
>
> I'm asking for the rules to be disabled because it's causing issues
> for our users as is amply supported by the many complaints on our
> site, not because we disagree with the use of HTTPS.
>
More information about the HTTPS-everywhere
mailing list