[HTTPS-Everywhere] Google native https
Alex Xu
alex_y_xu at yahoo.ca
Wed Oct 19 13:05:48 PDT 2011
Perhaps a Google and Google+ separate ruleset?
On 11-10-19 02:40 PM, Peter Eckersley wrote:
> We should not change the Google rulesets because of this announcement.
> encrypted.google.com will continue to exist, and will continue to offer better
> protection than https://www.google.com, in particular when users click on
> advertisements.
>
> https://www.eff.org/deeplinks/2011/10/google-encrypts-more-searches
>
> On Wed, Oct 19, 2011 at 05:59:10PM +0200, Heinz Repp wrote:
>> Hello,
>>
>> Google announced native https support for its sites, the main site
>> https://www.google.com and its NLS variants already working:
>>
>> http://googleblog.blogspot.com/2011/10/making-search-more-secure.html
>>
>> This requires a rewrite (and simplification) of the google ruleset,
>> mainly just changing http to https without sending to
>> encrypted.google.com. This change should come soon, as the native
>> https://www.google.com has all its bells and whistles, but the
>> encrypted.google.com has not.
>>
>> Google said it would do the redirection by itself only for logged-on
>> users, so support by https-everywhere is still needed, and in its
>> current form it even invalidates Google's approach for logged-on users.
>>
>> Jm2c
>>
>> Heinz
>> _______________________________________________
>> HTTPS-everywhere mailing list
>> HTTPS-everywhere at mail1.eff.org
>> https://mail1.eff.org/mailman/listinfo/https-everywhere
>
More information about the HTTPS-everywhere
mailing list