[HTTPS-Everywhere] more rules mean more time

[Eitan Adler]

On 12 March 2013 10:49, Russell Golden <niveusluna at niveusluna.org> wrote:
> ARGH. WHY does the admin of this list think it's a good idea to not set the
> reply-to to the address of the list? And don't say "violation of standards,"
> I want something sensible.

I've replied in private.

> On Mar 8, 2013 5:34 PM, "Peter Eckersley" <pde at eff.org> wrote:
>>
>> Adding more rulesets does not slow the browser down.  The algorithm for
>> querying them is O(1).
>
> That is very interesting. I did not know that. I am a newbie programmer. I
> would like to know how the heck that is possible, let alone able to be
> coded. It sounds *very* useful.

https://en.wikipedia.org/wiki/Hash_table

Note that it is *amortized* O(1) lookup.  There exist 'true' O(1)
lookups but usually the constraints are too great.

> Not all websites that support SSL do so on the same domain as their
> unencrypted site. The trend with this seems to be that this is only done for
> testing (encrypted.google.com, secure.wikimedia.org/wikipedia), and is
> rolled out to the main domain when it is deemed stable enough. However, it
> still causes issues with on-the-fly detection.

Further, some websites that seem to support SSL by returning a
response may return different content over SSL and over unencrypted
HTTP.   There is no easy way to determine this.

Finally, a probe to an SSL site over non-GET/HEAD/PUT/DELETE request
may not be idempotent.  Sites may also be non-idempotent over
GET/HEAD/PUT/DELETE requests but this violates rfc2616 section 9.1.



-- 
Eitan Adler