[HTTPS-Everywhere] Enabling and disabling all websites with CAcert certificates
Seth David Schoen
schoen at eff.org
Thu May 12 21:15:00 PDT 2011
Chris Palmer writes:
> On May 12, 2011, at 7:45 PM, Pablo Castellano wrote:
>
> > So I agree they are disabled by default since the root certificate is
> > not included in the web browsers but what do you think about adding a
> > simple checkbox called "Trust CAcert" in the preferences windows, so
>
> Why not just add the CAcert root cert to your Firefox's root CA list?
>
> http://www.cacert.org/index.php?id=3

The HTTPS Everywhere distribution includes rules that are turned off
(have no effect) because the sites that would be affected use
CAcert (and so would produce errors for people using a default Firefox
install + HTTPS Everywhere). When people add the CAcert root to their
CA list, they still don't get the benefit of these rules unless they
manually turn each one on. The proposal here is to make a more
convenient way for people to do this.

A more complex thing we could do is create a way for a rule to
declare a dependency on a CA and have a mechanism where rules are
enabled (at the start of a browser session) if the CA (if any) on
which they depend is installed in the browser and the rules have
never been explicitly disabled by the user. This might have more
difficult conceptual and support consequences for the future of the
extension, though. (For instance, how do rewrite rules identify
the CAs on which they depend?)

--
Seth Schoen
Senior Staff Technologist schoen at eff.org
Electronic Frontier Foundation https://www.eff.org/
454 Shotwell Street, San Francisco, CA 94110 1 415 436 9333 x107
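
The CA-dependency mechanism proposed in the message above, sketched as an added example that is not part of the original post and is not HTTPS Everywhere's code. It assumes one answer to the open question of how a rule identifies its CA (the root certificate's SHA-256 fingerprint); the field names `requiresCA` and `defaultOff`, the rule names and the fingerprint are all hypothetical or constructed.

```javascript
"use strict";
// Added example; hypothetical data model, not HTTPS Everywhere's own code.
// Assumption: a rule names its CA by the root certificate's SHA-256 fingerprint.

// Normalise "ab:cd:..." and "ABCD..." to one comparable form.
function normalizeFingerprint(fp) {
  return fp.replace(/[^0-9a-fA-F]/g, "").toUpperCase();
}

// rules:        [{ name, defaultOff, requiresCA }]  (requiresCA may be null)
// trustedRoots: fingerprints of roots the browser trusts for websites
// userChoices:  Map(name -> "enabled" | "disabled"); absent = never touched
// Intended to run once at the start of each browser session, so a rule
// switches off again if its CA has been removed since the last session.
function resolveRuleStates(rules, trustedRoots, userChoices) {
  const roots = new Set(trustedRoots.map(normalizeFingerprint));
  const states = new Map();
  for (const rule of rules) {
    const choice = userChoices.get(rule.name);
    let active, reason;
    if (choice === "disabled") {
      // An explicit "off" is never overridden by CA detection.
      active = false; reason = "user-disabled";
    } else if (choice === "enabled") {
      // Manual enabling keeps working as it does today.
      active = true; reason = "user-enabled";
    } else if (rule.requiresCA) {
      active = roots.has(normalizeFingerprint(rule.requiresCA));
      reason = active ? "ca-installed" : "ca-missing";
    } else {
      active = !rule.defaultOff; reason = "default";
    }
    states.set(rule.name, { active, reason });
  }
  return states;
}

// Constructed sample data: placeholder fingerprint and rule names.
const SAMPLE_CA = "AA:".repeat(31) + "AA";
const SAMPLE_RULES = [
  { name: "site-a (CA-dependent)", defaultOff: true, requiresCA: SAMPLE_CA },
  { name: "site-b (CA-dependent)", defaultOff: true, requiresCA: SAMPLE_CA },
  { name: "site-c (public CA)", defaultOff: false, requiresCA: null },
];
// The user once switched site-b off by hand; that choice must survive.
const SAMPLE_CHOICES = new Map([["site-b (CA-dependent)", "disabled"]]);
```

The recorded user choice has three states (never touched, enabled, disabled), which is what lets auto-enabling coexist with "never been explicitly disabled by the user".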