[HTTPS-Everywhere] ideas for improvements to development and use of the ruleset

Yan Zhu yan at eff.org
Tue Mar 4 22:39:05 PST 2014


On 03/04/2014 08:16 PM, Paul Wise wrote:

> I'm using https-finder. It often redirects me to https sites that
> https-everywhere does not know about. I was thinking it would be a great
> idea for https-finder to have the ability to submit domains that have
> https on them over Tor. Also it would be great if https-finder were
> merged into https-everywhere.

We've gotten this suggestion a couple times before. Seth Schoen tells me
that the HTTPS Finder rules are often buggy or incomplete, so it's
better if humans look at them first and submit them to us (rather than
have HTTPS Finder automatically submit everything that it finds).

> The ruleset is updated quite often but the plugin doesn't necessarily
> get updated on users' computers often, especially for example in Debian
> stable. In order to work around this issue it would be great to ship a
> snapshot of rules with the plugin as now but also allow the plugin to
> download new rules on a regular basis over https with cert pinning in
> place.

As discussed previously, it would be great for us to decouple ruleset
updates from extension updates so that we can ship ruleset updates more
frequently (extension updates happen about once every two months). I'm
open to the idea of shipping ruleset updates over HTTPS with certificate
pinning (i.e., bundling the public key with the HTTPS Everywhere
package) as soon as they get checked into git, but this would mean that
ruleset updates are less secure than extension updates (since we sign
extension updates with an offline private key in addition to serving
them over HTTPS).

(There's a good argument that ruleset security should be equivalent to
extension security, since an attacker can submit a ruleset update that
rewrites the extension update URL to a malicious one!)

-Yan
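
An added illustration of the parenthetical point above, not part of the original message and not HTTPS Everywhere code: a check a ruleset publishing pipeline could run to reject an update if any rule in it would rewrite a protected update URL. The update URL, the `.example` and `.invalid` hosts, the function names and the sample rulesets are constructed assumptions, and the parser only handles `<rule from="..." to="..."/>` with the attributes in that order.

```javascript
// Added example: hypothetical names and URLs throughout.
// Constructed placeholder, not the project's real update URL.
const PROTECTED_URLS = ["https://updates.example/extension/update.rdf"];

// Undo the XML escapes that can appear inside attribute values.
function unescapeXml(s) {
  return s.replace(/&lt;/g, "<").replace(/&gt;/g, ">")
          .replace(/&quot;/g, '"').replace(/&amp;/g, "&");
}

// Pull <rule from="..." to="..."/> pairs out of ruleset XML.
// Simplification: attributes must appear in from/to order.
function parseRules(xml) {
  const rules = [];
  const re = /<rule\s+from="([^"]*)"\s+to="([^"]*)"\s*\/>/g;
  for (const m of xml.matchAll(re)) {
    rules.push({ from: unescapeXml(m[1]), to: unescapeXml(m[2]) });
  }
  return rules;
}

// Return one finding per (rule, protected URL) pair the rule would rewrite.
// <target> hosts are ignored on purpose, so the check fails closed.
function findUpdateUrlRewrites(xml, protectedUrls) {
  const findings = [];
  for (const rule of parseRules(xml)) {
    let pattern;
    try {
      pattern = new RegExp(rule.from);
    } catch (e) {
      // A rule that cannot be compiled is treated as a reason to reject.
      findings.push({ rule: rule.from, error: "invalid regex" });
      continue;
    }
    for (const url of protectedUrls) {
      const rewritten = url.replace(pattern, rule.to);
      if (rewritten !== url) findings.push({ rule: rule.from, url, rewritten });
    }
  }
  return findings;
}

// Constructed sample rulesets: an ordinary upgrade rule and a tampered update.
const BENIGN = String.raw`<ruleset name="Example"><target host="example.com"/>
  <rule from="^http://(www\.)?example\.com/" to="https://www.example.com/"/></ruleset>`;
const TAMPERED = String.raw`<ruleset name="Updates"><target host="updates.example"/>
  <rule from="^https://updates\.example/" to="https://mirror.invalid/"/></ruleset>`;

console.log(findUpdateUrlRewrites(BENIGN, PROTECTED_URLS));
console.log(findUpdateUrlRewrites(TAMPERED, PROTECTED_URLS));
```

A check like this is defence in depth only; it does not replace signing ruleset updates to the same standard as extension updates.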

