[HTTPS-Everywhere] Embedded rules
Eitan Adler
lists at eitanadler.com
Wed Jul 23 22:17:07 PDT 2014
On 23 July 2014 22:15, Eitan Adler <lists at eitanadler.com> wrote:
> On 23 July 2014 14:31, Ian Cordasco <graffatcolmingov at gmail.com> wrote:
>> On Wed, Jul 23, 2014 at 3:44 PM, Weedy <weedy2887 at gmail.com> wrote:
>>> Did you guys ever work out how webmasters/sysadmins could embed rules
>>> into a page or store something in the docroot?
>>>
>>> https://domain.com/http-everywhere.xml or something?
>>
>> Is the purpose so that when you visit a website, you find a ruleset
>> for the domain and then download/load that ruleset?
>
> HSTS is likely a better technology for the majority of use cases. I
> could see how a .well-known/ [0] ruleset would offer additional
> functionality (pattern based rules) but I wonder about the likely
> adoption rate is. It would have to be a website that wants HTTPS for
> all access to only a particular subset of pages.
>
>
> [0]
This was supposed to be a reference to http://tools.ietf.org/html/rfc5785
--
Eitan Adler
More information about the HTTPS-Everywhere
mailing list