[HTTPS-Everywhere] Embedded rules
Eitan Adler
lists at eitanadler.com
Wed Jul 23 22:15:25 PDT 2014
On 23 July 2014 14:31, Ian Cordasco <graffatcolmingov at gmail.com> wrote:
> On Wed, Jul 23, 2014 at 3:44 PM, Weedy <weedy2887 at gmail.com> wrote:
>> Did you guys ever work out how webmasters/sysadmins could embed rules
>> into a page or store something in the docroot?
>>
>> https://domain.com/http-everywhere.xml or something?
>
> Is the purpose so that when you visit a website, you find a ruleset
> for the domain and then download/load that ruleset?
HSTS is likely a better technology for the majority of use cases. I
could see how a .well-known/ [0] ruleset would offer additional
functionality (pattern based rules) but I wonder about the likely
adoption rate is. It would have to be a website that wants HTTPS for
all access to only a particular subset of pages.
[0] If the server wanted to do this, they coul
--
Eitan Adler
More information about the HTTPS-Everywhere
mailing list