[HTTPS-Everywhere] The context menu has landed
Osama Khalid
osamak at gnu.org
Sat Jun 25 13:19:33 PDT 2011
On Sat, Jun 25, 2011 at 04:56:12PM +0800, Drake, Brian wrote:
> - optimisation (https?://(www.)?example.com/ →
> https://www.example.com/, where https://example.com/ would have
> redirected to https://www.example.com/ anyway);
I don't think this kind of rules should be accepted because it does
not provide a known encryption advantage, but I may support it if
https://example.com/ results in a certificate warning.
> - controlling content from untrusted domains
> (https?://apps.facebook.com/→ https://example.com/fbAppGateway/).
This kind of rules shouldn't be accepted at all since it redirects
users to a provider other than the one they choose, which could be
even more dangerous than insecurely connecting the original website.
--Osama Khalid
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20110625/6813f276/attachment.sig>
More information about the HTTPS-everywhere
mailing list